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(54) Information processing apparatus and method, information management apparatus and 
method, information providing medium, information providing system and method, and 
information transmission apparatus 



(57) An information processing apparatus and an 
intonnation processing method, an information man- 
agement apparatus and an information managing 
method, an information providing medium, an informa- 
ticn orovidtng system and an information providing 
m^?hDd, and an information transmission apparatus that 
facilitate the execution of various processing operations 
m accondance with content data. Predetermined con- 
tent data are sent from an information transnriission 
apparatus along with code indicative of predetermined 
infonriatjon associated with the use of these content 
data, specified by a management apparatus, to an infor- 



mation processing apparatus. When using the content 
data, the information processing apparatus sends the 
corresponding code to the management apparatus. The 
management apparatus executes predetermined 
processing by use of the information indicated by this 
code. Consequently, when the content data are used, 
predetermined processing in accordance with the use 
of the content data can be executed, and at the same 
time, only changing the code specified by the manage- 
ment apparatus facilitates the execution of different 
processing operations for the use of the content data. 
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Description 

[0001] The present invention relates generally to an information processing apparatus and an information process- 
ing method, an information management apparatus and an infomnation managing method, an information providing 
5 medium, an information providing system and an information providing method, and an information transmission appa- 
ratus. For example, the present invention relates to an information processing apparatus, an Information processing 
method, an information management apparatus and an information managing method, and an information providing 
medium that use encrypted information. 

[0002] Systems are known in which information such as music is encrypted and the encrypted information is sent 
10 to an information processing apparatus of a user with whom a predetermined contract has been concluded, and the 
received information is decrypted in that information processing apparatus for use. Such information is hereafter 
referred to as content. 

[0003] However, the related-art systems provide no service that discounted prices for content are offered according 
to content purchase results for each user to purchase content at the discount rates. 

75 [0004] It is therefore an object of at least preferred embodiments of the present invention to provide an information 
processing apparatus and an information processing method, an information management apparatus and an infomna- 
tion managing method, and an information providing medium that allow users to purchase content at discount price. It 
is another object of at least preferred embodiments of the present invention to provide an information providing system, 
an information providing method, an information transmission apparatus, an information processing apparatus, and an 

20 information management apparatus that facilitate the execution of various processing operations in accordance with 
uses of content data. 

[0005] In carrying out the invention and according to a first aspect thereof, there is provided an infomnation process- 
ing apparatus managed by a management apparatus for decrypting encrypted information and using decrypted infor- 
mation, comprising: storage means for storing a discount amount of a usage fee of the encrypted infomiation; 

25 generating means for generating information on charges including infomnation for identifying the usage fee of the 
encrypted information; setting means for setting, to the information on charges, infomnation that charges for the 
encrypted infomnation is settled by discounting the discount amount; and sending means for sending, to the manage- 
ment apparatus, the infomnation on charges set with the information that charges forthe encrypted infomnation is settled 
by discounting the discount amount. 

30 [0006] In carrying out the invention and according to a second aspect thereof, there is provided an infomnation 
processing method for an information processing apparatus managed by a management apparatus for decrypting 
encrypted infomnation and using decrypted information, comprising the steps of: storing a discount amount of a usage 
fee of the encrypted information; generating infomnation on charges including information for identifying the usage fee 
of the encrypted infomnation; setting, to the information on charges, information that charges forthe encrypted informa- 

35 tion is settled by discounting the discount amount; and sending, to the management apparatus, the information on 
charges set with the information that charges for the encrypted information is settled by discounting the discount 
amount. 

[0007] In carrying out the invention and according to a third aspect thereof, there is provided an information provid- 
ing medium for providing a computer-readable program for making an information processing method for an infomnation 

40 processing apparatus managed by a management apparatus for decrypting encrypted Information and using decrypted 
information execute processing comprising the steps of: storing a discount amount of a usage fee of the encrypted infor- 
mation; generating information on charges including information for identifying the usage fee of the encrypted informa- 
tion; setting, to the information on charges, information that charges for the encrypted information is settled by 
discounting the discount amount; and sending, to the management apparatus, the infomiation on charges set with the 

45 information that charges for the encrypted information is settled by discounting the discount amount. 

[0008] According to the above-mentioned information processing apparatus, infomnation processing method, and 
information providing medium, a discount amount of information usage fee is stored, information on charges including 
infomnation for identifying the information usage fee is generated, infomnation charges is settled by reducing the dis- 
count amount, and infomiation on charges set with information that the infomnation charges is settled by reducing the 

50 discount amount is sent to the management apparatus. 

[0009] In carrying out the invention and according to a fourth aspect thereof, there is provided a management appa- 
ratus for managing an information processing apparatus that decrypts encrypted information to use decrypted informa- 
tion, comprising: storage means for storing a discount amount usable by the information processing apparatus; 
receiving means for receiving information on charges supplied from the information processing apparatus, including 

55 information for identifying a usage fee of the encrypted information, and set with infomnation that charges for the 
encrypted information is settled by discounting the discount amount; reading means for reading the usage fee of the 
encrypted infomnation from the information on charges; settling means for settling charges of the encrypted infomnation 
by subtracting the discount amount from the usage fee Identified by the information on charges; and computing means 
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for computing, on the basis of an amount of the charges settled by the settling means, a discount amount usable by the 
infonnation processing apparatus. 

[0010] In carrying out the invention and according to a fifth aspect thereof, there is provided a managing method for- 
a management apparatus for managing an information processing apparatus that decrypts encrypted information to 

5 use decrypted information, comprising the steps of: storing a discount amount usable by the information processing 
apparatus; receiving information on charges supplied from the information processing apparatus, including information 
for identifying a usage fee of the encrypted information, and set with information that charges for the encrypted infor- 
mation is settled by discounting the discount amount; reading the usage fee of the encrypted information from the infor- 
mation oh charges; settling charges of the encrypted information by subtracting the discount amount from the usage 

10 fee identified by the information on charges; and computing, on the basis of an amount of the charges settled in the set- 
tling step, a discount amount usable by the information processing apparatus. 

[0011] In carrying out the invention and according to a sixth aspect thereof, there is provided an information provid- 
ing medium for providing a computer- readable program for making a management apparatus for managing an informa- 
. tion processing apparatus that decrypts encrypted information to use decrypted information execute processing 

15 comprising the steps of: storing a discount amount usable by the information processing apparatus; receiving informa- 
tion on charges supplied from the information processing apparatus, including infonnation for identifying a usage fee of 
the encrypted information, and set with information that charges for the encrypted information is settled by discounting 
the discount amount; reading the usage fee of the encrypted information from the information on charges; settling 
charges of the encrypted information by subtracting the discount amount from the usage fee identified by the informa- 

20 tion on charges; and computing, on the basis of an amount of the charges settled in the settling step, a discount amount 
usable by the information processing apparatus. 

[0012] According to the above-mentioned management apparatus, managing method, and information providing 
medium, a discount amount usable by the infonnation processing apparatus is stored, information on charges supplied 
from the information processing apparatus, including infonnation for identifying a usage fee of the encrypted informa- 
25 tion, and set with information that charges for the encrypted information is settled by discounting the discount amount 
is received, the usage fee of the encrypted information is read from the received information on charges, charges of the 
encrypted infonnation is settled by subtracting the stored discount amount from the usage fee identified by the informa- 
tion on charges, and a discount amount usable by the information processing apparatus is computed on the basis of an 
amount of the charges settled. 

30 [0013] In carrying out the invention and according to a seventh aspect thereof, there is provided an information pro- 
viding system comprising: an information transmission apparatus for sending predetermined content data and a code 
indicative of predetermined information associated with usage of the content data; an infonnation processing apparatus 
for receiving the content data and the code and sending the code when using the content data; and a management 
apparatus for receiving the code and executing predetemnined processing using the predetermined information indi- 

35 cated by the code. 

[0014] According to the above-mentioned information providing system, when the content data are used, predeter- 
mined processing according to use of these content data can be executed and, at the same time, only changing the 
code specified by the management apparatus can easily execute different processing operations for the use of the con- 
tent data. 

40 [0015] In can-ying out the invention and according to an eighth aspect thereof, there is provided an information 
transmission apparatus managed by a management apparatus for sending predetermined content data to an informa- 
tion processing apparatus, the information transmission apparatus sending the predetermined content data and a code 
indicative of predetermined information associated with use of the predetermined content data, the code being sent 
from the information processing apparatus to the management apparatus when using the predetermined content data, 

45 the management apparatus executing predetermined processing using the predetermined information on the basis of 
the code received from the information processing apparatus. 

[0016] According to the above-mentioned information transmission apparatus, when the content data are used, the 
management apparatus can execute predetermined processing according to the use of the content data and, at the 
same time, only changing the specified code allows the management apparatus to easily execute different processing 

50 operations for the use of the content data. 

[001 7] In canying out the invention and according to a ninth aspect thereof, there is provided a management appa- 
ratus for managing an information processing apparatus for receiving predetermined content data from an information 
transmission apparatus, wherein the predetemnined content data and a code indicative of predetermined information 
associated with use of the content data are sent from the information transmission apparatus to the information 

55 processing apparatus and the code is sent, when using the content data, from the information processing-apparatus to 
the management apparatus, which executes, predetermined processing by use of the predetemnined information indi- 
cated by the received code. 

[0018] According to the above-mentioned management apparatus, when the content data are used, predetermined 
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"'^ °' ^"'^ "'^"'^"^^'^ ^"^^ ^'^^ fl'"^. °n'y Changing the specified 

code faciiitates different processing operations for the use of the content data 

p?^LinalraSrn''^Hr"'''°" ^"'^ ^"'^"''"^ '° ^ P^°^'^«d an information 

5 rZlTtl ^ ^ a management apparatus for receiving predetermined content data sent from an 

l«Tofnrir Tf '^"^ processing apparatus receiving the content data and a code indic- 

Td senTnateT °^ '^^"'-t data from the information transmission appals 

and sending the received code, when using the content data, to the management apparatus that executes predeter- 
mined processing by use of the predetermined information, s inai executes predeter 
10 s^2ct^.^^T"^ above-mentioned information processing apparatus, when the content data are used, only 
IZ n^T °"^'"9 '^'^^^ to management apparatus allows to execute the processing corresponding o the 
be r T'r'' ' ^P^^"^'^** '^^^"S^^' "management apparatus r,eed not 
pr:s::grttusro?t^^^^ — ™ ^ - ^-V —te d^ere^; 
IS Sina rrl^tS^'"^ 0"t the invention and according to an eleventh aspect thereof, there is provided an information 
a7JTJZ TV "l""^ ^ °' """''"9 "'''^^ Predetem,ined content data and a code indicative of 

to antfZrtt'n °' """^ ^" ■'"^'>""^«°" transmission apparatus 

o an information processing apparatus; code sending in which the content data and the code sent from the infornation 

20 codrsent frnm^h?,?'" *° " management apparatus; and processing executing in whfch the 

20 code sent from the information processing apparatus is received by the management apparatus and the management 

SST AloSL'r H '"^'"'"^ °' predetemiined infomiatlon indicated by the rSvS code 

So « 1° above-mentioned infomiation providing method, when the content data are used predeter- 

P ^"^S^'"^"^ ^PP^^^t"^ f^'^'I'tates different processing forthe use of the content data. ^ 

■ pXSg dralTni I'nThfch ' °' "^""^^'^ ^° ^''^ «-om- 

eSoLimentTtlTnSor'"^^ ' °' ^ ^^^^^ ^--^-9 ^ one 

■* [.'^^ ! ^ '^■'^S''^ illustrating a main information flow in the above-mentioned EMD system- 
»- IG 3 13 a block diagram Illustrating a functional configuration of an EMD service center 1 • 
HO 4 13 a diagram illustrating the transmission of a delivery key Kd of the EMD service center l • 
F G 5 IS funher diagram illustrating the transmission of the delivery key Kd of the EMD service center T 
Flu 6 IS another diagram illustrating the transmission of the delivery key Kd of the EMD service center 1 • 
F G 7 « still another diagram illustrating the transmission of the delivery key Kd of the EMD service center 1 • 
FIG 8 a diagram illustrating the provisional delivery key Kd of the EMD sen/ice center 1 • 
FIG 9 shows system illustrating an example of system registration information; 
riG. 1 0 Illustrates discount point information; 

FIG. 1 1 is a block diagram illustrating a functional configuration of a content provider 2- 
FIGS 12A and 12B illustrate examples of UCP {Usage Management Policy); 
FIGS 13A and 13B illustrate content management shifts; 
FIGS. 14A and 14B illustrate examples of a first-generation duplication; 
FIG. 15 illustrates an example of a content provider secure container; 
FIG 16 illustrates an example of a certificate of the content provider 2; 
■»s FIG 1 7 K a block diagram illustrating a functional configuration of a service provider 3- 
FIGS. 18A and 188 illustrate examples of PT (Price Tag); 
FIGS. 19A and 198 illustrate examples of other PTs; 
FIG. 20 illustrates an example of a sen/ice provider secure container; 
FIG. 21 illustrates an example of a certificate of the service provider 3- 

l\r II *n " illustrating a functional configuration of a receiver 51 of a user home network 5- 

FIG. 23 Illustrates an example of a certificate of a SAM (Secure Application Module: SAM is a module which exe- 

tPr^ =„H h^'^T^ • "9^VP'^'^«^^'"9 °f °°"tent. authentication processing, and the like in a content distribution sys- 
tem and has tamper resistance) 62 of the receiver 51 ; ■"""o" sys 

FIG. 24 illustrates an example of UCS (Usage Management Status)- 

eTof thV^cXfsl'f '"""''^"^ °' ^ "^^^e block 63A of an external storage block 

FIG. 26 illustrates an example of information on charges; 
FIG. 27 illustrates information stored in a storage module 73 of the receiver 51 ; 
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FIG. 28 illustrates reference information 51 ; 

FIG. 29 illustrates an exannple of discount point information of the reference information 51; 
FIG. 30 illustrates an example of a registration list; 
FIG. 31 is a flowchart describing content usage processing; 
5 FIG. 32 is a flowchart describing processing for transmitting the content key Kd to the content provider 2 by the 

EMD service center 1 ; 

FIG. 33 is a flowchart describing a cross-authentication operation between the content provider 2 and the EMD 
service center 1 ; 

FIG. 34 is a flowchart describing another cross-authentication operation between the content provider 2 and the 
10 EMD service center 1 ; 

FIG. 35 is a flowchart describing still another cross-authentication operation between the content provider 2 and 

the EMD service center 1 ; 

FIG. 36 is a flowchart describing the transmission of a content provider secure container to the service providers 
by the content provider" 2; 

15 FIG; 37 is a flowchart describing the transmission of a service provider secure- container to the receiver 51 by the 

service provider 3; 

FIG. 38 is a flowchart describing the reception of the service provider secure container by the receiver 51 ; 

FIG. 39 is a flowchart describing the processing by the receiver 51 for content reproduction; 

FIG. 40 is a flowchart describing settlement processing; 
20 FIG. 41 is a flowchart describing details of the settlement processing; 

FIG. 42 is a schematic diagram illustrating settlement processing using no discount point; 

FIG. 43 is a schematic diagram illustrating flows of notices of usage amount and discount amount; 

FIG. 44 is a schematic diagram illustrating settlement processing using discount point; 

FIG. 45 is another schematic diagram illustrating flows of notices of usage amount and discount amount; 
25 FIG. 46 is a block diagram illustrating a second embodiment of the EMD system; 

FIG. 47 is a block diagram illustrating a main information flow in the EMD system of the second embodiment; 

FIG. 48 is a block diagram illustrating a configuration of a content provider 111; 

FIGS. 49A and 49B illustrate UCPs including discount infomnation; 

FIG. 50 is a block diagram illustrating a configuration of a service provider 112; 
30 FIGS. 51 A and 51 B illustrate PTs including discount information; 

FIG. 52 is a block diagram illustrating a configuration of a receiver 1 13 of a user home network 114; 

FIG. 53 is a diagram illustrating information on charges including discount information; 

FIG. 54 is a diagram Illustrating another example of Infomriation on charges; 

FIG. 55 is a diagram illustrating another example of information on charges including discount infonnation; 
35 FIG. 56 is a block diagram illustrating a configuration of an EMD service center 110; 

FIG. 57 is a diagram illustrating a flow of discount information; 

FIG. 58 is a schematic diagram illustrating a settlement certificate generated in the EMD service center 110; 

FIG. 59 illustrates a UCP of single content; 

FIG. 60 illustrates a UCP of album content; 
40 FIG. 61 illustrates another UCP of single content; 

FIG. 62 illustrates another UCP of album content; 

FIG. 63 illustrates a PT of single content; 

FIG, 64 illustrates a PT of album content; 

FIG. 65 illustrates another PT of single content; 
45 FIG. 66 illustrates another PT of album content; 

FIG. 67 illustrates a UCS; 

FIG. 68 illustrates an example of information on charges; and 
FIG. 69 illustrates another example of infomnation on charges. 

50 [0024] This invention will be described in further detail by way of example with reference to the accompanying draw- 
ings. 

(1 ) Rrst embodiment 

55 [0025] The following describes a first embodiment of the invention. In order to clarify the correlation between the 
means of the invention described in the claims appended hereto and the components of the embodiment of the inven- 
tion, each of the means is followed by parentheses in which an example of the corresponding component of the embod- 
iment is enclosed. It should be noted however that each of the above means are not restricted to those described below. 
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[0026] Now, referring to FIG. 1 , there is shown an EMD (Electronic Music Distribution) system to which the present 
invention is applied. As shown, EMD system comprises an EMD service center 1 for handling registrations for the EMD 
system and managing various devices connected thereto, a content provider 2 for providing content, a service provider 
3 for providing predetermined services corresponding to the content, and a user home network 5 composed of devices 
on which the content is used (in the present example, a receiver 51). 

[0027] Content delivered (or provided) to devices (for example, to the receiver 51) registered In the EMD system 
denotes digital data in which Information itself has a value. In the present example, one item of content is equivalent to 
one title of music data. Users purchase provided content (actually buy the right to use the provided content) and use 
the purchased content for reproduction or duplication. 

[0028] As shown in FIG. 2 illustrating a principle information flow in the EMD system, the EMD service center 1 
sends delivery key kd necessary for use of content to the user home network 5 and the content provider 2. The EMD 
service center 1 receives information such as infomriation on charges from a device of the user home network 5 for set- 
tlement on usage of the content by the user. 

[0029] The content providers 2 holds content to be provided (encrypted by content key Kco), content key Kco 
(encrypted by delivery key Kd) necessary for decrypting encrypted content, and a UCP (Usage Control Policy) indica- 
tive of the infomnation about use of content and provide these items to the service provider 3 in a form of content pro- 
vider secure container to be described later. 

[0030] The service providers 3 generates one or more pieces of price infonnation known as PT (Price Tag) corre- 
sponding to the UCP provided from the content provider 2 and holds the PTs. The service provider 3 sends to the user 
home network 5 the generated PT along with the content (encrypted by content key Kco) provided from the content pro- 
vider 2. content key Kco (encrypted by delivery key Kd), and the UCP in the form of service provider secure container 
through a network 4 made up of a dedicated cable network, the Internet, of a satellite communication network. 
[0031] On the basis of the provided UCP and PT, the user home network 5 generates a UCS (Usage Control Sta- 
tus) and executes the processing for using the content on the basis of the generated UCS. The user home network 5 
25 also generates information on charges at the time when the UCS is generated and sends the generated infonnation on 
charges to the EMD service center 1 along with the infomrialion such as the UCP and PT corresponding thereto at the 
time when delivery key Kd is provided, for example. It should be noted that the user home network 5 may be adapted 
not to send the UCP and PT to the EMD service center 1 . 

[0032] Referring to FIG. 3, there is shown a block diagram indicative of a functional configuration of the EMD serv- 
30 ice center 1 A service provider management block 1 1 provides profit-sharing information (to be described later) to the 
service provider 3. A content provider management block 12 sends delivery key Kd and provides profit-sharing infonna- 
tion to the content provider 2. 

[0033] The copyright management block 13 sends information indicative of content usage results of the user home 
network 5 to a copyright managing organization, for example JASRAC (Japanese Society for Rights of Authors, Com- 
35 posers and Publishers). 

[0034] A key server 1 4 stores delivery key Kd and supplies It to the content provider 2 through the content provider 
management block 12 and the user home network 5 through a user management block 18. 

[0035] The following describes devices of the user home network 5 officially registered for this EMD system and the 
delivery key Kd from the EMD service center 1 to be provided to the content provider 2 with reference to FIGS. 4 
40 through 7. 

[0036] FIG. 4 shows delivery keys Kd held by the EMD service center 1 , delivery keys Kd held by the content pro- 
vider 2, and delivery keys Kd held by the receiver 51 at the time of January 1998. for example, on which the content 
provider 2 starts providing content and the receiver 51 constituting the user home network 5 starts using the content. 
[0037] In the example shown in FIG. 4. each delivery key Kd is valid from the first day of each month as shown to 
45 the last day of the month. For example, version-1 delivery key Kd having a value "aaaaaaaa", a random number having 
the predetermined number of bits, is valid from January 1, 1998 to January 31, 1998 (namely, content key Kco for 
encrypting content to be delivered through the service provider 3 to the user home network 5 during a period starting 
on January 1 , 1 998 and ending on January 31 . 1 998 is encrypted by ver^ion-1 delivery key Kd), Version-2 delivery key 
Kd having a value "bbbbbbbb", a random number having the predetemnined number of bits, Is valid from February 1, 
1 998 to February 28, 1 998 (namely, content key Kco for encrypting content to be delivered through the service provider 
3 to the user home networks during this period is encrypted by version-2 delivery key Kd). Likewise, version-3 delivery 
key Kd is valid in March 1 998, version-4 delivery key Kd is valid in April 1 998, version-5 delivery key Kd is valid in May 
1998. and version-6 delivery key Kd is valid in June 1998. 

[0038] Before the content provider 2 starts providing content, the EMD service center 1 sends to the content pro- 
vider 2 six delivery keys Kd of version 1 through version 6 which are valid from January 1 998 to June 1 998. The content 
provider 2 receives these six delivery keys Kd and stores them. The delivery keys Kd for six months are stored because 
the content provider 2 requires a predetermined period for preparing the content to be provided and for encrypting the 
content key prior to content delivery. 
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[0039] Before the receiver 51 starts using the content, the EMD service center 1 sends to the receiver 51 three 
delivery keys Kd of version 1 through version 3 which are valid from January 1998 to March 1998. The receiver 51 
receives these three delivery keys Kd and stores them. The delivery keys Kd for three months are stored for the receiver 
51 to avoid situations such that the receiver 51 cannot use the content due to troubles such as the failure to establish 
5 connection to the EMD service center 1 even during the contract period. This key storage is also made to reduce the 
frequency of connection to the EMD service center 1 to reduce the load of the user home network 5. 
[0040] During the period from January 1 , 1 998 to January 31 , 1 998, version-1 delivery key Kd is used by the EMD 
service center 1 , the content provider 2, and receiver 51 constituting the user home network 5. 

[0041] The following describes the transmission of delivery keys Kd of the EMD service center 1 to the content pro- 
10 vider 2 and the receiver 51 as of February 1, 1998 with reference to FIG. 5. The EMD service center 1 sends to the 

content provider 2 six delivery keys Kd of version 2 through version 7 which are valid from February 1 998 to July 1998. 

The content provider 2 receives these six delivery keys and writes them over the previously stored delivery keys Kd. 

The EMD service center 1 sends to the receiver 51 three delivery keys Kd of version 2 through version 4 which are valid 

from February 1998 to April 1998. The receiver 51 receives these keys and writes them over oh the previously stored 
15 delivery keys Kd. The EMD service center 1 stores the version-1 delivery key as it is. By doing so, the EMD service 

center can use the delivery keys Kd used in the past should unexpected troubles occur or unauthorized activities occur 

or be found. 

[0042] During a period starting from February 1. 1998 to February 28, 1998, version-2 delivery key Kd is used by 
the EMD service center 1 , the content provider 2, and the receiver 51 constituting the user home network 5. 
20 [0043] The following describes the transmission of delivery keys Kd of the EMD service center 1 to the content pro- 
vider 2 and the receiver 51 as of March 1, 1998 with reference to FIG. 6. The EMD service center 1 sends to the content 
provider 2 the six delivery keys Kd of version 3 through version 8 which are valid from March 1 998 to August 1 998. The 
content provider 2 receives these six keys and writes them over on the previously stored delivery keys Kd. The EMD 
service center 1 sends to the receiver 51 the three delivery keys Kd of version 3 through version 5 which are valid from 
25 March 1998 to May 1998, The receiver 51 receives these three keys and writes them over on the previously stored 
delivery keys Kd. The EMD service center 1 stores version-1 delivery key Kd and version-2 delivery key Kd as they are. 
[0044] During a period starting from March 1, 1998 to March 31, 1998, version-3 delivery key Kd is used by the 
EMD service center 1 , the content provider 2, and the receiver 51 constituting the user home network 5. 
[0045] The following describes the transmission of delivery keys Kd of the EMD service center 1 to the content pro- 
se vider2 and the receiver 51 as of April 1. 1998 with reference to FIG. 7. The EMD service center 1 sends to the content 
provider 2 six delivery keys Kd of version 4 through version 9 which are valid from April 1998 to September 1 998. The 
content provider 2 receives these six keys and writes them over on the previously stored delivery keys Kd prior to 
receiving the keys. The EMD service center 1 sends to the receiver 51 the three delivery keys Kd of version 4 through 
version 6 which are valid from April 1 998 to June 1 998. The receiver 51 receives these three keys and writes them over 
35 on the previously stored delivery keys Kd. The EMD service center 1 stores version-1 delivery key Kd, version-2 deliv- 
ery key Kd, and version-3 delivery key Kd as they are. 

[0046] During a period from April 1 , 1 998 to April 30, 1 998, the version-4 delivery key Kd is used by the EMD serv- 
ice center 1 , the content provider 2, and the receiver 51 constituting the user home network 5. 

[0047] Thus, distribution of delivery keys Kd for months ahead allows a user to purchase content, even if the user 
40 does not access the EMD service center 1 at all for one or two months, and receive necessary delivery key Kd when 
the user accesses the EMD service center 1 as time being. 

[0048] The delivery keys Kd of 3 or 6 months are distributed, as described, to the device of the user home network 
5 which has been officially registered in the EMD system and to the content provider 2. The other device which is not 
officially but provisionally (details to be described later) registered in the EMD system, of the user home network 5 is 

45 distributed with not delivery keys Kd for three months but provisional delivery key Kd for 1 month as shown in FIG. 8. In 
the present example, such a registration procedure taking about 1 month as credit granting processing is required for 
officially registering each device of the user home network 5 into the EMD system. Therefore, also during a period 
(about 1 month) between the application for official registration and the credit granting thereof, the delivery keys Kd usa- 
ble for that period are distributed to the device not officially but provisionally registered device. 

50 [0049] Referring to FIG. 3 again, the history data management block 15 stores the information on charges, and the 
PT and UCP corresponding to that content supplied from the user management block 1 8. 

[0050] The profit distribution block 1 6 computes the profits for the EMD service center 1 , the content provider 2, and 
the service provider 3 on the basis of various pieces of infonnation supplied from the history data management block 
15 and outputs the computational results to the service provider management block 1 1 , the content provider manage- 
55 ment block 1 2, the cashier block 20, and the copyright management block 1 3. 

[0051 ] A profit (amount) of the content provider 2 (hereafter referred to as a CP profit amount) and a profit (amount) 
of the service provider 3 (hereafter referred to as A SP profit amount) are obtained from following equations (1 ) and (2) 
respectively: 
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CP profit amount = CP share amount - CP commission - CP discount amount (1 ) 

SP profit amount = SP share amount - SP commission - SP discount amount (2) 

[0052] The CP share amount is assumed In the present example to be 60% of content usage fee (refer to equation 
(3) below). The SP share amount is assumed to be 40% of content usage fee (refer to equation (4) below). 

CP share amount = usage fee x 0.6 (3) 

SP share amount = usage fee x 0.4 (4j 

[0053] In the above equations, the CP commission in the above equation (1) denotes fees for various processing 
operations performed on the content provider 2 of the EMD service center 1 . The CP commission is assumed to be 1 0% 
(refer to equation (5) below) of the CP share amount in the present example. The SP commission in the above equation 
(2) denotes fees for various processing operations perfomned on the service provider 3 of the EMD service center 1 
The SP commission is also assumed to be 1 0% (refer to equation (6) below) of the SP share amount. 



CP commission = CP share amount x 0.1 



(5) 



SP commission = SP share amount x 0.1 (6) 

[0054] In equation (1 ) above, the discount amount denotes a predetermined discount amount that the user can use 
at the purchase of content (hereafter refen-ed to as a user discount amount). This is a shared amount of the content 
provider 2, which is assumed to be 20% (refer to equation (7) below) of the user discount amount in the present exam- 
25 pie. Ukewise, the SP discount amount in equation (2) above is a shared amount of the user discount amount by the 
service provider 3. which is assumed to be 30% (refer to equation (8) below) of the user discount amount. 

CP discount amount = user discount amount x 0.2 (7) 

SP discount amount = user discount amount x 0.3 (8) 

[0055] It should be noted that the user discount amount is assumed to be 1 0% (refer to equation (9) below) of the 
fee to be actually paid by the user (hereafter refen-ed to as a user payment amount). 



User discount amount = user payment amount x 0.1 



(9) 



[0056] The profit (amount) (hereafter referred to as an EMD profit amount) of the EMD service center 1 is obtained 
from equation (10) below: 

EMD profit amount = CP commission + SP commission - EMD discount amount (10) 

[0057] CP commission is obtained from equation (5) above and SP commission from equation (6) above EMD 
service center discount amount (hereafter referred to as EMD discount amount) is a shared amount by the EMD service 
center 1 of the user discount amount and assumed to be 50% thereof (refer to equation (1 1 ) below) 



EMD discount amount = user discount amount x 0.5 



(11) 



[0058] The cross-authentication block 1 7 executes cross authentication between the content provider 2 the service 
provider 3, and the device of the user home network 5, 

[0059] The user management block 1 8 manages infomiation associated with the devices of the user home network 
5 which can be registered in the EMD system (this infonnation hereafter referred to as system registration information) 
The system registration information includes "SAM ID; "Device Number," "Settlement ID," "Settlement User Informa- 
tion," plural pieces of "Subordinate User Information," and "Discount Point Information" as shown in FIG 9 

l°u°^oL. ."r^^^ ^^""'^^ '''''^^^'^ ^®vice constituting the user home network 5 

The SAM ID stores ID of a SAM 62 in the receiver 51 shown in FIG. 9. 

[0061] "Device Number" has a device number preset to a device having a SAM in the user home network 5 If the 
device m the user home network 5 has a capability of communicating with the service provider 3 through the network 4 
and directly with the EMD service center 1 (namely, if the device has a communication block) and a capability of output- 
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ting (or displaying) the descriptions of UCP and FT for example to the user and allowing the user to select the usage 
description of UCP (namely, if the device has a display block and an operator block), the device (hereafter referred to 
as a main device) is assigned with a device number 100 or higher. If the device has no such capabilities, the device 
(hereafter referred to as a subordinate device) is assigned with a device number 99 or lower. In present example, the 
5 receivers 51 and 201 have each a device having the above-mentioned capabilities, so that the device is assigned with 
a device number 1 GO or higher (1 00 in present example). Thus, device number 1 00 is set to the device number corre- 
sponding to the SAM 62 of the receiver 51 as shown in FIG. 9. 

[0062] "Settlement ID" has a predetermined settlement ID to be assigned at the official registration in the EMD sys- 
tem. In present example, the receiver 51 is officially registered for a settlement user and assigned a settlement ID, so 
10 that this assigned settlement ID is recorded in "Settlement ID" corresponding to the ID of the SAM 62 of the system reg- 
istration information shown in FIG. 9. 

[0063] "Settlement User Information" includes the name, address, telephone number, settlement organizations 
information (for example, credit card number), birthday, age, gender, ID, and password for example of the user for whom 
charges is settled (this user is hereafter referred to as a settlement user). 

15 [0064] The settlement user's name, address, telephone number, settlement organization information, birthday, age, 
gender, ID, and password to be set to "Settlement User Information" (if these items of infomnation set for the settlement 
user need not be distinguished from each other, they are hereafter generically referred to as user generation informa- 
tion) are provided by the settlement user at the time of application for the official registration. In present example, the 
name, the address, the telephone number, and the settlement organization information need to be correct valid infor- 

20 mation (for example, the information registered in a settlement organization) because credit-granting processing is exe- 
cuted on the basis of these items of information. In the present example, the birthday, the age, and the gender need not 
be correct because they are not used for credit granting processing and therefore the user is not always required to sub- 
mit them. The ID and password of the settlement user to be recorded in the "Settlement User Information" are assigned 
and set at the time of the provisional registration in the EMD system. 

25 [0065] In the present example, with the receiver 51 , user F is registered as the settlement user, so that the user 
general information, ID, and password provided by user F are set to "Settlement User Information" corresponding to the 
ID of the SAM 62 of the system registration information shown in FIG. 9. In the present example, user F is assumed to 
be male. 

[0066] Each "Subordinate Users Infomnation" stores the name, address, telephone number, birthday, age, gender, 
30 ID, and password for example of a user for whom charges is not settled (this user is hereafter referred to as a subordi- 
nate user). Namely, of the item of information to be set to "Settlement User Information." the items of information other 
than the settlement organization information are set. Because no credit granting processing is executed for the subor- 
dinate user, the subordinate user's name, address, telephone number, birthday, age, and gender need not be correct. 
For example, the name may be a dummy name or a nickname. The name is used for identifying the user, but the user 
35 need not provide the other information. The ID and password of the subordinate user to be set to "Subordinate User 
Information" are assigned and set at the time of provisional or official registration. 

[0067] In the present example, no subordinate user is registered for the receiver 51 , so that no information is set to 
"Subordinate User Information" con-esponding to the ID of the SAM 62 of the system registration information shown in 
FIG. 9. 

40 [0068] "Discount Point Information" has a discount point outputted from the profit distribution block 16. In the 
present example, the discount point is equal to the discount amount (yen). FIG. 1 0 shows the CP discount amount, SP 
discount amount, and EMD discount amount given to user F when user F purchased 1 000 yen of content. 
[0069] The CP discount amount is obtained from equation (7) above to be 20 (= 1 000 x 0.1 x 0.2) yen. The SP dis- 
count amount is obtained from equation (8) above to be 30 (= 1000 x 0.1 x 0.3) yen. The EMD discount amount is 

45 obtained from equation (1 1) above to be 50 (= 1 000 x 0.1 x 0.5) yen. In the present example, the user discount amount 
is 1 00 (= 20 + 30 + 50) yen. 

[0070] In addition to management of the above-mentioned system registration information, the user management 
block 18 generates a registration list (to be described later) in con-espondence with predetermined processing and 
sends it along with delivery key Kd to the user home network 5. 

50 [0071 ] Refen-ing to FIG. 3 again, an charging block 1 9 computes a content usage fee on the basis of the information 
on charges. UCP, PT, and user discount amount supplied from the history data management block 15 to obtain the 
amount to be paid by a user and supplies the computed content usage fee to the cashier block 20 and the profit distri- 
bution block 16. For example, if infonnatlon on charges A. UCP A, and PT A-1 are supplied from the history data man- 
agement block 15, then the charging block 19 recognizes the UCP A corresponding to the information on charges of 

55 this time from the ID set to "UCP ID" of information on charges A and recognizes that the UCP A has been supplied 
from the history data management block 15. 

[0072] The charging block 1 9 recognizes the PT A-1 corresponding to the information on charges of this time from 
the ID set to "PT ID" of information on charges A and recognizes that it has been supplied from the history data man- 
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agement block 15. When the UCP A and PT A-l are found supplied thereto, the charging block 1 9 recognizes that the 
ID set to "ID" of "Usage Description" of infonrjation on charges A is the ID of "Usage Description 11" of the UCP A and 
detects "2000 yen" set to "Price Description 11" of the con-esponding PT A-1 as the usage fee of the content. 
[0073] If the usage of discount point is requested by the user, the charging block 1 9 subtracts the user discount 
5 amount supplied from the user management block 18 from the detected content usage fee. obtaining a user payment 
amount (refer to equation (12) below). 

User payment amount = content usage fee - user discount amount (12) 

10 [0074] If the user does not request the usage of discount point, the content usage fee is equal to the user payment 
amount. 

[0075] The cashier block 20 communicates with external financial organizations such as banks not shown to exe- 
cute settlement processing on the basis of the amounts payable to or receivable from the user, the content provider 2 
and the service provider 3. And besides, the cashier block 20 notifies the result of the settlement processing to the user 
15 management block IB. 

[0076] The audit block 21 checks the information on charges., PT and UCP supplied from the device of the user 
home network 5 for validity (or unauthorized activities). In the present example, the EMD service center 1 receives UCP 
from the content provider 2, PT from the service provider, and UCP and PT from the user home network 5. 
[0077] Referring to FIG. 1 1 , there is shown a block diagram indicative of a functional configuration of the content 
provider 2. A content server 31 stores content to be provided to the user and sends the content to a watennark attach- 
ment block 32. The watermark attachment block 32 attaches a watermark (or an electronic watermark) to the content 
and supplies the resultant content to a compression block 33. 

[0078] The compression block 33 compresses the content supplied from the watermark attachment block 32 by use 
of a compression scheme such as ATRAC2 (Adaptive Transform Acoustic Coding 2) (trademark) and supplies the com- 
pressed content to an encryption block 34. The encryption block 34 encrypts the compressed content with a key con- 
sisted of a random number supplied from a random number generation block 36 (this random number hereafter being 
referred to as content key Kco) by adopting a common key cryptography such as DES (Data Encryption Standard) and 
outputs the encrypted content to a secure container generation block 38. 

[0079] The random number generation block 35 supplies a random number having the predetermined number of 
bits for providing the content key Kco to the encryption block 34 and another encryption block 36. The encryption block 
36 encrypts content key Kco by use of delivery key Kd supplied from the EMD service center 1 through a common key 
encryption scheme such as DES, and outputs encrypted content key Kco to the secure container generation block 38. 
[0080] DES is the encryption scheme which uses a 56-blt common key to process 64 bits of plaintext as one block. 
The DES processing is composed of a data permutation block in which plaintext is permuted into ciphertext and a key 
processing block in which a key (or an enlargement key) for use in the data permutation block is generated from the 
common key All algorithms of DES are publicized, so that only the basic processing of the data permutation block will 
be described below. 

[0081] First, the 64 bits of plaintext are divided into high-order 32 bits Hq and low-order 32 bits Lq. From an input of 
a 48-bit enlargement key K^ and the low-order 32 bits Lq supplied from the key processing block, an output of F function 
obtained by permutating the low-order 32 bits Lq is computed. F function is consisted of two basic transformations- sub- 
stitution for substituting numeric values by a predetermined law and transposition in which bit positions are transposed 
by a predetermined law. Next, the high-order 32 bits Hq is exclusively ORed with the output of F function, obtaining a 
result thereof being and Lq being H^. 

[0082] On the basis of the high-order 32 bits Hq and the low-order 32 bits Lq, the above-mentioned process is iter- 
ated 1 6 times, resultant high-order 32 bits Hie and low-order 32 bits L^e being output as ciphertext. Decryption of the 
ciphertext is realized by use of the common key used in the encryption and by following the above-mentioned process 
in the reverse order. 

[0083] A policy storage block 37 stores the UCP corresponding to content and outputs the UCP to the secure con- 
tainer generation block 38. FIGS. 12A and 12B show UCP A and UCP B, respectively, which are set for content A stored 
in the content server 31 and are stored in the policy storage block 37. The UCP includes predetermined infomiation for 
Items such as "Content ID," "Content Provider ID," "UCP ID," "Valid Period of UCP." "Usage Condition " and "Usage 
Description." Set to "Content ID" is the ID of the content corresponding to the UCR The ID of content A is set to "Content 
ID" of UCP A (FIG. 12A) and UCP B (FIG. 12B), respectively 

[0084] "Content Provider ID" has the ID of the content provider from which the content is provided The ID of the 
content provider 2 is set to the "Content Provider ID" of UCP A and UCP B. Set to "UCP ID" is the predetermined ID 
assigned to each UCR The ID of UCP A is set to "UCP ID" of UCP A and the ID of UCP B is set to "UCP ID" of UCP B 
Set to "Valid Period of UCP " is the information indicative of the valid period of the UCR The valid period of UCP A is 
set to "Valid Period of UCP" of UCP A and the valid period of UCP B is set to "Valid Period of UCP" of UCP B 
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[0085] "Usage Condition" has predetemriined information corresponding to "User Condition" and "Device Condi- 
tion." Set to -User Condition" is information indicative of a user predetermined condition allowing the selection of this 
UCP. Set to "Device Condition" is information indicative of device predetermined condition allowing the selection of this 
UCR 

5 [0086] For UCP A. "Usage Condition 1 0" is set. "User Condition 1 0" of "Usage Condition 1 0" has information ("1 00 
YEN OR MORE") indicative of a condition that the user discount amount Is 100 yen or more. "Device Condition 10" of 
"Usage Condition 10" has information ("No condition") indicative that there is no condition. Nanriely, only a user having 
a user discount point of 100 yen or more selects UCP A. 

[0087] For UCP B, "Usage Condition 20" is set. "User Condition 20" of "Usage Condition 20" has information 
10 ("lower than 1 00 yen") indicative of a condition that the user discount amount is lower than 1 00 yen. "Device Condition 
20" of "Usage Condition 20" has information ("No condition") indicative that there is no condition. Namely, only a user 
having a user discount amount of lower than 100 yen selects UCP A. 

[0088] "Usage Description" includes predetermined information for "ID," "Form," "Parameter," and "Management 
shift permit information." Set to "ID" is a predetermined ID assigned to infbrniatioh to be set to'"Usage Description." Set 
15 to "Form" is information indicative of content's usage forms such as reproduction and duplication. Set to "Parameter" is 
predetermined information corresponding to the usage form set to "Form." 

[0089] "Management shift permit information" has information indicative whether content management shift is ena- 
bled or not (permitted or not). When a content management shift occurs, the content is duplicated into a destination 
device without leaving a source device as shown in FIG. 13A. Namely, the same content is used by both the source and 
20 destination devices. This is different from a usual content management shift in which, as shown in FIG. 1 3B, content is 
moved to a destination device, leaving a source device and therefore the content is available only in the destination 
device. 

[0090] It should be noted that, while a content management shift is in process, the source device is not allowed to 
shift content to another destination device as shown in FIG. 13A. Namely, the content is held only by the two devices, 
25 between one source and one destination. This is different from first-generation duplication in which two or more dupli- 
cations (of the first generation) can be generated from original content as shown in FIG. 14A. This is also different from 
one-time-only duplication shown in FIG. 148 because the content shifted to one destination device can be retrieved 
therefrom and then passed to another destination device. 

[0091] Referring to FIG. 12A again, four pieces of infomiation of "Usage Description 11" through "Usage Descrip- 
30 tion 14" are set to UCP A. In "Usage Description 11," "ID 11" has a predetermined ID assigned to "Usage Description 
11." "Form 11" has Information ("Reproduction by Purchase") indicative of the usage form for purchase content for 
reproduction. "Parameter 11" has predetennined information for "Reproduction by Purchase." "Management shift per- 
mit information 11" has "Yes" indicative of permission of content management shift. 

[0092] In "Usage Description 12." "ID 12" has a predetermined ID allocated to "Usage Description 12." "Form 12" 

35 has information ("First-generation duplication") indicative of a usage form in which first generation duplication is to be 
made. As shown in FIG. 14A, in the first- gene ration duplication, plural first-generation duplications can be made from 
the original content but no second-generation duplication can be made from the first-generation duplication (such dupli- 
cation is not permitted). "Parameter 12" has predetermined information corresponding to "First-generation duplication." 
"Management shift permit information 12" has "No" indicative of no permission of content management shift. 

40 [0093] In "Usage Description 13," "ID 13" has a predetermined ID assigned to "Usage Description 13." "Form 13" 
has infonnation ("Time-limited Reproduction") indicative of a usage form in which the content is reproduced only in a 
predetermined period. "Parameter 13" has the start and end of the predetennined period for "Time-limited Reproduc- 
tion." "Management shift permit information 13" has "NO" indicative of no permission of content management shift. 
[0094] In "Usage Description 14," "ID 14" has a predetermined ID assigned to "Usage Description 14." "Form 14" 

45 has infonnation ("Pay Per Copy 5") indicative of a usage form in which duplication is made 5 times. It should be noted 
that, in this case too, no duplication can be made from another duplication as shown in FIG. 148 (such duplication is 
not permitted). "Parameter 14" has information indicative that duplication can be made 5 times ("Duplication 5 Times"). 
"Management shift permit infonnation 14" has "No" indicative of no permission of content management shift. 
[0095] UCP B shown in FIG. 12B has two usage descriptions, "Usage Description 21 " and "Usage Description 22." 

50 In "Usage Description 21 ," "ID 21" has a predetermined ID allocated to "Usage Description 21 ." "Form 21" has informa- 
tion ("Pay Per Play 4") indicative of a usage form in which reproduction can be made 4 times. "Parameter 21" has infor- 
mation indicative that reproduction can be made 4 times ("Reproduction 4 Times." "Management shift perniit 
information 21 " has "No." 

[0096] In "Usage Description 22," "ID 22" has a predetermined ID allocated to "Usage Description 22." "Form 22" 
55 has "Pay Per Copy 2." "Parameter 22" has information indicative of "Duplication twice" reflecting the information of ' 
"Form 22." "Management shift permit infonnation 1 1 " has "No." 

[0097] Comparison between the details of UCP A and those of UCP B shows that the user having 1 00 yen or more 
discount amounts can select a usage description from four usage descriptions 1 1 through 14 while the user having dis- 
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count points of less than 1 00 yen is allowed only two usage descriptions 21 and 22 to select. 

[0098] Referring to FIG. 1 1 again, the secure container generation block 38 generates a content provider secure 
container consist.ng of content A (encrypted using a content key KcoA), the content key KcoA (encrypted using delivery 
key Kd) UCP A. UCP B. and a signature, for example, as shown in FIG. 15. The signature is obtained by encrypting a 
hash value obtained by applying a hash function to data to be transmitted (in this case, all of the content A encrypted 
using the content key KcoA, the conient key KcoA encrypted using the delivery key Kd, UCP A, and UCP B) with use 
of a secret key (in this case, a secret key Kscp of the content provider 2) of public key cryptography 
[0099] The secure container generation block 38 also attaches a certificate of the content provider 2 shown in FIG 
1 6 to the generated content provider secure container and sends them to the service provider 3. This certificate is con- 
sisted of the version number of the certificate, the serial number of the certificate assigned to the content provider 2 by 
a certi icate authority, the algorithm and parameter used for signing the certificate, the name of the certificate authority 
the valid penod of the certificate, the name of the content provider 2. the public key Kpcp of the content provider 2 and 
the signature (encrypted by the secret key Ksca of the certificate authority). 

^V°.°ii w "^^ ^■'9"3*"''s the data used for checking tampering and creator authentication. The signature is gener- 
ated by obtaining a hash value by applying a hash function to the data to be transmitted and encrypting the obtained 
hash value by the secret key of public key cryptography. 

[0101] The following describes matching between the hash function and the signature. The hash function is used 
to compress predetermined data to be transmitted into data having a predetermined bit length and outputs these data 
as a hash value. The hash function is characterized by that it is difficult to predict the input from a hash value (output) 
the change of a single bit in the data inputted into the hash function causes the change of many bits of the hash value 
and It IS difficult to search for input data having a same hash value. 

[0102] A receiver who received a signature and data decrypts the signature by the public key of public key cryptoq- 
raphy and gets a result (a hash value) of the decryption. Further, a hash value of the received data is computed and the 
computed hash value is matched against the hash value obtained by decrypting the signature. If a match is found it 
indicates that the received data are not tampered and therefore they are as sent from a sender who has the secret key 
corresponding to the public key Of the hash function for signature, MD4, MD5, or SHA-1 is available for example 
[0103] The following describes public key cryptography Unlike common key cryptography in which a same key (a 
common key) is used in encryption and decryption, public key cryptography uses different keys for encryption and 
decryption. In public key cryptography, one of the keys is made public while the other is kept secret. The key made pub- 
lic IS referred to as a public key. The key kept secret is referred to as a secret key 

[0104] The following briefly describes RSA (Rlvest-Shamir-Adleman), a representative publfc key cryptography. 
First, two sufficiently large prime numbers p and q are obtained. Then, product n of p and q is obtained. Lowest common 
multiple L between (p-1) and (q-1) is computed. Further, number e which is 3 or higher and less than L and mutually 
prime with L (namely, e and L can be commonly divided only by 1). 

[0105] Next, multiplication inverse d of number e associated with a multiplication to modulus L is obtained Namely 
I ".J '^°ty!^ established between d. e. and L. d being computed by Euclidean algorithm. At this time, n and e pro- 
vide the public key and p, q and d provide the secret key. 

[0106] Ciphertext C is computed from plaintext M by the processing of equation (13): 



C = M'^emodn ^.,3^ 



[0107] Ciphertext C is decrypted into plaintext M by the processing of equation (1 4): 

MsC^dmodn ^^^^ 

[0108] Although the proof is omitted herein, the encryption and decryption by RSA are based on Fermafs Little 
Theorem, in which equation (15) is established: e'luciis. uinie 

M=C^d=(MAe)'vd=MA(ed)=Mmodn (15) 

[0109] If secret keys p and q are known, secret key d can be computed from public key e. But, if the number of digits 
of public key n is increased to a degree which makes quantitatively difficult the factorization of public key n into prime 
factors, knowing only public key n cannot compute secret key d from public key e. disabling the decryption Thus in RSA 
encryption scheme, a key for encryption can be made different from a key for decryption 

[01 10] The following briefly describes elliptic curve cryptography, another example of public key cryptography Let 
a certain point on an elliptic curve yA2 = xA3 + ax + bbeB. Define the addition of the point on the elliptic curve nB 
represents a result of the addition of B by n times. Likewise, define the subtraction. It has been proven difficult to com- 
pute n from B and nB. 8 and nB provide the public key and n provides the secret key Using random number r cipher- 
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texts C1 and C2 are computed from plaintext M by the processing of equations (16) and (1 7): 

CI = M + rnB (16) 

C2 = rB (17) 
[0111] Ciphertexts CI and C2 are decrypted into plaintext M by the processing of equation (18): 

M = CI - nC2 (18) 



[0112] Ciphertexts that can be decrypted are only those having secret key n. Thus, like RSA, elliptic curve cryptog- 
raphy can make the key for encryption different from the key for decryption. 

[0113] Refen-ing to FIG. 11 again, before receiving delivery key Kd from the EMD service center 1, the cross- 
authemicatibn block 39 of the-co sendihga' 

15 content provider secure container to the service provider 3, the cross -authentication block 39 may cross-authenticate 
with the service provider 3. In the present example, however, because the content provider secure container has no 
information which should be kept confidential, this cross-authentication is not necessarily required. 
[0114] Now, refen-ing to FIG. 1 7, the functional configuration of the service provider 3 will be described. A content 
server 41 stores the content (encrypted by content key Kco), content key Kco (encrypted by delivery key Kd), UCR and 

20 signature included in a content provider secure container supplied from the content provider 2 and supplies them to a 
secure container generation block 44. 

[01 1 5] A value attachment block 42 verifies the con-ectness of the content provider secure container on the basis 
of the signature included therein. In doing so, this block verifies the certificate of the content provider 2. If the certificate, 
is found connect, this block obtains the public key of the content providers On the basis of the obtained public key, this 
pr> block verifies the conrectness of the content provider secure container. 

[01 16] (f the content provider secure container is found correct, the value attachment block 42 generates a PT cor- 
responding to the UCP contained in the content provider secure container and supplies generated PT tothe secure 
container generation block 44. FIGS. 1 8A and 1 8B show PT A-1 and PT A-2, respectively, generated in con-espondence 
with the UCP A shown in FIG. 12A. The PT includes items of information which are set to "Content ID," "Content Pro- 
vider ID.* 'UCP ID." "Service Provider ID." "PT ID," "PT Valid Period." "Price Condition," and "Price Description." 
[0117] The con-esponding items of infonnation are set to "Content ID." "Content Provider ID," and "UCP ID" of the 
H : . Id be specific, the ID of content A is set to "Content ID" of PT A-1 and PT A-2. The ID of the content provider 2 is 
set tc •Content Provider ID" of these PTs. The ID of UCP A is set to "UPC ID" of these PTs. 

[0118] "Service Provider ID" contains the ID of the service provider 3 from which the PT has been supplied. "Serv- 
.t'. ictf P'ov der ID" of PT A-1 and PT A-2 has the ID of the service provider 3. "PT ID" has a predetermined ID assigned to 
eacti PT -FT ID" of PT A-1 has the ID of PT A-1 . "PT ID" of PT A-2 has the ID of PT A-2. "Valid Period of PT' has infor- 
mation indicative of the valid period of the PT "Valid Period of PT" of PT A-1 has the valid period of PT A-1 . "Valid Period 
of PT" of PT A-2 has the valid period of PT A-2. 

[0119] As with the case of "Usage Condition" of UCP, "Price Condition" has predetermined information con-espond- 
ing to the items of "User Condition" and "Device Condition." "User Condition" has information indicative of a user con- 
dition pennitting the selection of this PT. "Device Condition" has infomiation indicative of a device condition permitting 
the selection of this PT. 

[0120] In the case of PT A-1 , "Price Condition 10" is set. "User Condition 10" of "Price Condition 10" has information 
indicative of the user as a male ("Male"). "Device Condition 1 0" has "No condition." That is, only a male user can select 
45 PTA-1 

[0121] In the case of PT A-2, "Price Condition 20" is set. "User Condition 20" of "Price Condition 20" has information 
indicative of the user as a female ("Female"). "Device Condition 20" has "No Condition." Namely, only a female user can 
select PT A-2. 

[0122] "Price Description" of the PT shows a usage amount for usage of the content in a usage form as set in 
50 "Form" of "Usage Description" of PT A-1. Namely, "2000 yen" set to "Price Description 11" of PT A-1 and "1000 yen" 
set to "Price Description 21" of PT A-2 indicate content purchase prices (fees) because "Forni 1 1" of "Usage Descrip- 
tion 1 1 " indicates "Reproduction by Purchase." 

[0123] "600 yen" of "Price Description 12" of PT A-1 and "300 yen" of "Price Description 22" of PT A-2 indicate 
usage amount of content A in the usage fomn of first-generation duplication as set in "Form 1 2" of "Usage Description 
55 12" of UCP A. Likewise, "1 00 yen" of "Price Description 13" of PT A-1 and "50 yen" of "Piice Description 23" of PT A-2 
indicate usage fees of content A in a usage form of time-limited reproduction as set in "Form 13" of "Usage Description 
13" of UCP A. Next, "300 yen" of "Price Description 14" of PT A-1 and "150 yen" of "Price Description 24" of PT A-2 
indicate usage fees of content A in a usage form of duplicating it 5 times as set in "Form 1 4" of "Usage Description 14" 
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of UCP A. 

rt°J51ti ' Vdt ToT^ Ty^' '=°'^P^^'s°" °^ price description of PT A-1 (applied to male user) with the price 
description of PT A-2 (appled to female user) indicates that the price in PT A-1 is twice as high as the price In PT A-2 
For example. Price Description ir of PT A-1 corresponding to "Usage Description 1 1" of UCP A is "2000 yen" and 
Price Description 21" of PT A-2 corresponding to "Usage Description 1 r of UCP A is "1 000 yen." Likewise, the prices 
t lo^ll^^ °l^^T°V ^" ■■''"^^ Description 1 4" of PT A-1 are twice as high as those set to "Price Descrip- 

lon 22 through Pnce Description 24" of PT A-2. Namely, female users can use content A at prices one half of those 
Tor male users. 

fnli? ^""^ ^"^ ^"'^ ^^sPec«^«^. generated in correspondence wrth UCP B shown 

2" ! ,^ < '° °* ^' °f '^^''^^"^ P™^**^^-- 2. the ID of UCP B, the ID of the service 

' . r °' ^"^ • P"°^ 2°' Pri°e descriptions 31 and 32 

^ /-c K ^!.- °* °' Condrtion." "Device Condition 30" has infor- 

mation ( Subordinate Device") indicative that this device is a suboixJinate device. Namely, PT B-1 can be selected only 
when content A IS used on a subordinate" device. - 

[0127] Because "Form 21" of "Usage Description 21" of UCP B (refer to FIG. 128) is "Pay Per Play 4," "100 yen" of 
Pnce Description 31" of PT B-1 indicates the fee for reproducing the content 4 times. Because -Form 22" of "Usaae 

n°rl /!? o TrT ^/nfcfo ""i" ^ 9«"«'-^t«<^ i" correspondence with UCP B includes ID of content A. ID of content 

Sescrt;onf41 and 42 °' °' P"'^^ ^^^^^'^^^ ^^-^ P"'^^ 

ml^? "^^n ^°"."!'^'°?. °^ "^"^^ ^" °^ f*"^ ""^^ Condrtion." "Device Condition 40" has Infor- 

mation ( Main Device') indicative that this device is a main device. Namely, PT B-2 is selectable only when the content 

A IS used in the mam device. 

• J""^^ ^^r" "^"''^ Description 41 " and "Price Description 42" of PT B-2 indicate fees for using the con- 
tent A in the usage forms set in "Form 21" of "Usage Content 21" and "Form 22" of "Usage Content 22" of UCP B 
respectively. ' 

/ ^.°";P^"=°" °^ ^® P"'* description of PT B-1 (applied to a subordinate device) with the price description of 
ti Jn o"f PT^R o c ^ ^^'C^^^ '"^!'''^^^ P''"^^ description of PT B-1 is set twice as high as the price descrip- 

. ,r example, "Price Description 31 " of PT B-1 is "1 00 yen" while "Price Description 41 " of PT B-2 is "50 

yen. Pnce Description 32" is "300 yen" while "Price Description 42" is "1 50 yen." 

[0132] Refenring to FIG. 1 7 again, a policy storage block 43 stores the UCP of the content supplledfrom the content 
provider 2 and supplies the received UCP to the secure container generation block 44 

[0133] The secure container generation block 44 generates a service provider secure container composed of con- 
tent A (encrypted by content key KcoA), content key KcoA (enciypted by delivery key Kd). UCP A. UCP B signature of 
contem provider 2. PT A-1 , PT A-2. PT B-1 . PT B-2, and signature of the service provider 3 for example as shown in 

[0134] The secure container generation block 44 attaches a service provider certificate composed of certificate ver- 
sion number to the generated service provider secure container, certificate serial number assigned by certificate 
n«lT, ? P''"^'"^^,^' ^'9°rithm and parameter used for the signature, name of certificate authority, the valid 

period of certificate, name of service provider 3. public key Kpsp of service provider 3. and signature as shown in FIG 
21 and sends the resultant secure container to the user home network 5. 

[0135] Refen-ing to FIG. 1 7 again, a cross-authentication block 45 cross-authenticates with the content provider 2 
before receiving the content provider secure container from the content provider 2. Before sending the service provider 
0!^'^*"^ f!!!^'' *° ^"""^ ^' c'-oss-authentication block 45 cross-authenticates wrth the user home 

w "^^oi-k^ is based on satellite communication for example, the cross-authentication between the serv- 

SnSudLTn rh^.on?I "f"""'' ^ P^"^""' "''^'^P'^- ^^'^^"^^ "° confidential infomia- 

tion IS included m the content provider secure container and the service provider secure container, the service provider 
3 need not execute cross-authentication with the content provider 2 and the user home network 5 
[0136] The following describes an exemplary configuration of the receiver 51 constituting the user home network 5 
with reference to FIG. 22. The receiver 51 comprises a communication block 61 , the SAM 62, an external storage block 
troi ^ '=°"^'^""'<=^tion block 65, an interface 66, a display control block 67. and an input con- 

tro block 68. The communication block 61 communicates with the service provider 3 through the network 4 or with the 
EMD service center 1 for sending and receiving predetermined Information 

moH.l -r. SAM 62 comprises a cross-authentication module 71. an charging processing module 72. a storage 
module 73. a decrypton/encryption module 74. and data check module 75. The SAM 62 is made up of a single-chip IC 
(Integrated Crcurt) dedicated to cryptographic processing. This IC has a multilayer structure in which the intemal mem- 
ory cells are sandwiched between dummy layers such as aluminum layers and the width of the operating voltage or fre- 
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quency is held narrow, thereby providing properties (tamper-proof) that mal<e difficult unauthorized access from 
outside. 

[0138] The cross-authentication module 71 of the SAM 62 sends the certificate of the SAM 62 shown in FIG. 23 
stored In the storage module 73 to the other party of cross-authentication, executes cross-authentication with it, and 

5 supplies a temporary l<ey Ktemp shared by the other party to the decryption/encryption module 74. The certificate of 
the SAM 62 includes the same information as that included in the certificate (refer to FIG. 1 6) of the content provider 2 
and the certificate (refer to FIG, 21 ) of the service provider 3 and therefore its description will be omitted. 
[0139] The charging processing module 72 generates UCS and information on charges on the basis of the usage 
description of the selected UCP. FIG. 24 shows UCS A generated on the basis of the usage description 1 1 of UCP A 

10 shown in FIG. 12A and PT A-1 shown in FIG. ISA. As shown in FIG. 24, UCS has predetermined information corre- 
sponding to items "Content ID," "Content Provider ID," "UCP ID," "Valid Period of UCP," "Service Provider ID," "PTID," 
"Valid Period of PT," "UCS ID," " SAM ID," "User ID," "Usage Description," and "Usage History." 

[0140] "Content ID," "Service Provider ID." "UCP ID," "Valid period of UCP," "Service Provider ID," "PT ID," and 
"Valid Period of PT" of UCS have respective items of information of PT. Namely, "Content ID" of UCS'A shown in FIG. 
75 24 has the ID of content A, "Content Provider ID" has the ID of the content provider 2, "UCP ID" has the ID of the UCP 
A, "Valid Period of UCP" has the valid period of UCP A. "Service Provider ID" has the ID of the service provider 3, "PT 
ID" has the ID of PT A-1 , and "Valid Period of PT" has the valid period of PT A-1 . 

[0141] "UCS ID" has a predetermined ID assigned to UCS and "UCS ID" of UCS A has the ID of UCS A. "SAM ID" 
. has the ID of the SAM of the device, "SAM ID" of UCS A has the ID of the SAM 62 of the receiver 51 . "User ID" has the 

20 ID of the user of the content and "User ID" of UCS A has the ID of User F 

[0142] "Usage Description" has items "ID," "Form," "parameter," and "Management Shift Status Information." 
Amongst of these items, information of items corresponding to "Usage Description" of the selected UCP are set. 
Namely, "ID" of UCS A has information (the ID of usage description 1 1 ) set to "ID 1 1 " of "Usage Description 1 1 " of UCP 
A, "Form" has "reproduction by purchase" set in "Form 1 1 " of "Usage Description 1 1 ", "Parameter" has information (cor- 

25 responding to "reproduction by purchase") set in "Parameter 1 1" of "Usage Description 11.". 

[0143] If "Permitted" is set to "Control Shift Pemiit Information" of the selected UCP (namely, control shift is permit- 
ted), the IDs of the control shift source device (the device that purchased the content) and the control shift destination 
device are set to "Control Shift State Information" of "Usage Description." It should be noted that, in the state where no 
content control shift has been made, the ID of the control-shift source device is set also as the ID of the control shift 

30 destination device. On the other hand, if "Not Pemitted" is set to "Control Shift Permit Infomiation" of the UCP, "Not Per- 
mitted" is set to "Control Shift State Information." Namely, in this case, no content control shift is executed (namely, con- 
tent control shift is.not permitted). Because, in "Control Shift State Information" of UCS A, "Pemiitted" is set to "Control 
Shift Permit Information 1 1 " of "Usage Description 1 1 " of UCP A and content A is not control-shifted at this moment, the 
ID of the SAM 62 is set as the ID of the control shift source device and the ID of the control shift destination device. 

35 [0144] "Usage History" includes the history of usage form for the same content. "Usage History" of UCS A stores 
only information indicative of "reproduction by purchase." If content A has been used before in the receiver 51 for exam- 
ple, the information thereof is also stored in the "Usage History." 

[0145] It should be noted that the above-mentioned UCS has "UCP Valid Period" and "PT Valid Period" but a UCS 
may be adapted not to have these items. Also, the above-mentioned UCS has "Content Provider ID" but a UCS may be 
40 adapted not to have this item if the ID of the UCP is unique and therefore a content provider can be identified by this ID. 
Further, "Service Provider ID" may not be provided if the ID of PT is unique and therefore a service provider can be 
" identified by this ID. 

[0146] The generated UCS is sent to the external storage block 63 along with content key Kco (encrypted by save 
key Ksave) supplied from a decryption unit 91 of the decryption/encryption module 74 of the receiver 51 . The UCS and 

45 the content key are stored in a usage information storage block 63A. The usage information storage block 63A are 
divided into M blocks Bp-1 through Bp-M (for example, in units of one megabytes) as shown in FIG. 25. Each block Bp 
is further divided into N usage information memory areas Rp-1 through Rp-N. The content key Kco (encrypted by save 
key Ksave) and UCS supplied from the SAM 62 are stored in a pair into the usage information memory area Bp of pre- 
determined block Bp of the usage information storage block 63A. 

50 [0147] In the example of FIG. 25, the pair of UCS A shown in FIG. 24 and the content key KcoA (encrypted by save 
key Ksave) for decrypting content A is stored in usage infomnation memory area Rp-3 of block Bp-1 . Usage information 
memory areas Rp-1 and Rp-2 of block Bp-1 store content keys Kcol and Kco2 (each encrypted by save key Ksave) 
and UCS 1 and UCS 2 respectively. USage information memory areas Rp-4 (not shown) through Rp-N of block Bp-1 
and blocks Bp-2 (not shown) through Bp-M store neither content key Kco nor UCS but store predetermined initial infor- 

55 mation indicative that they are free. It should be noted that, if the content key Kco (encrypted by save key Ksave) and 
UCS stored in the usage information memory area Rp need not be distinguished from each other, they are generically 
referred to as usage information. 

[0148] FIG. 26 shows infomnation on charges A generated at the same time as UCS A shown in FIG. 24. The infor- 
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mation on charges includes "Content ID," "Content Provider ID." "UCP ID." "Valid Period of UCR" "Service Provider ID " 
ID. 'Valid Period of PT," "UCS ID." "SAM ID." "User ID." "Usage description." and "Charging History" as shown in 

[0149] "Content ID." "Content Provider ID," "UCP ID," "Valid Period of UCP," "Service Provider ID " "PT ID " "Valid 
Penod Of PT." "UCS ID." "SAM ID," "User ID." and "Usage Description" of the information on cha^esLe LLpon^ 
,ng itenrjs of mformation of UCS. Namely. "Content ID" of information on charges A showr, in FIG 26 has the loTon- 
tent A "Content Provider ID" has the ID of the content provider 2, "UCP ID" has the ID of UCP A. "Valid Period orucP" 
has the valid penod of UCP A. "Service Provider ID" has the ID of the service provider 3, "PT ID" has the ID of PT A-1 

User ID has the ID of user F. and "Usage Description" has the usage description of UCS A 

fnfl^r!! "^^f^l"^ °* information on charges has infomiation Indicative that discount points is used and 

Z^^n^ZZT T 1"^°'"'' P°'"» "Charging History" of information on charges A has information 

indicative that d^count point is not used. It should be noted that a total amount of charges is also set to "Charging His- 

D ^^""-J- K ""^^'^ above-mentioned information on charges has "UCP Valid Period" and "PT Valid 

Period but information on charges may be adapted not to have these items. Also, the above-mentioned infomiation on 
charges has "Content Provider ID" but infomiation on charges may be adapted not to have tnis item if the ID of the Uc J 
ITr! ifThfln f^T a content provider can be identified by this ID. Further. "Service Provider ID" may not be pro- 
vided If the ID of PT IS unique and therefore a service provider can be identified by this ID y po 
[0152] Referring to FIG. 22 again, the storage module 73 stores, as shown in FIG. 27. public key Kpu of the SAM 

ItHTl ' ; I '''/.f " •'^'^'^ °' ^•^^ '^'^'^ '^"♦^^ ' ' xSca of certificate au?ho?ty 

Z^r^r-i^Tr ' '^"^"''^"^^ °' ^^"^ ^2 (refer to FIG. 23), infomiation on charges 

(for example, infomiation on charges A shown in FIG. 26). reference infomiation 51 and M check values Hp-1 through 

^n?^^ T' reference information 51 stored in the storage module 73. The reference information 51 

■ncluoes predetemiined information items "SAM ID," "Device Number," "Settlement ID," "Upper Limit Amount of Charo- 
ing,- "Settlement User Infomiation." "Subordinate User Information," and "Discount Point Infomiation " ^ 
u^^'^ y..^''!^;] "Upper Limit Amount of Charging," "Settlement User Infomia- 

. eis ol^n^If r '"^°"7^»'°" ■ .^"d "Discount Point Infomiation" of the reference infomiation have corresponding 
orZ t' J^f °' f f registration infomiation (refer to FIG. 9) managed by the user management block 1 1 

0 IIm 6^ T.ZZT'l\TT''- •^^^'^ '° S'^'^ the device number (100) 
Of bAM me settlement ID of user F. settlement user information (general information of user F such as name 
address, telephone number, settlement organization information, birthday age, and gender) of user F. the ID of user F 
he password of user R and the discount point infomiation (the same as shown in FIG. 1 0) shown in FIG 29 

(01551 -Upoer Limit Amount of Charging" has the upper limit amount of charging which is different when the device 
r/hT^tl !:,P^'^7°".f EI^D ^y^e'"- 'n tf^e present example, the receiver 51 is officially registered, 
so tha the upoer Limit Amount of Charging" of the reference information 51 has infomiation ("Upper Limit Ar^ount fo 
Ofioa. negstration") indicative of the upper limit amount for official registration. It should be noted that thrupper m" 
omount for official registration is greater than that for provisional registration 

ul' 7? r H ''T '°"°7,"9 •^^^'^ribes the M check values Hp-1 through Hp-M shown in FIG. 27 stored in the storage mod- 
ule 73. Check value Hp-1 is a hash value obtained by applying hash function to the entire data stored in the block Bp- 

1 Of the usage jnfonriation storage block 63A (refer to FIG. 25) of the external storage block 63. Like check value Hp-1 

.hr^oXL ""■'^ '''' '^"'^ *° ^^'^^ blo^ Bp-2 

45 [0157] Referring to FIG. 22 again, the decryption/encryption module 74 of the SAM 62 comprises a decryption unit 

tentLT^rn" hT' ^l"^'!.?" T ^""^ ^" "^^ ^^^'yP^^" """9^ decrypts the encrypted con- 

ten key Kco by del«.ery key Kd and outputs the decrypted key to the encryption unit 93. The random number geneiBtion 

npLr^tT^"^'^" ^ T^^Z? "^"""^ predetemiined number of digits at the time of cross-authentication to 

so enc"^or;Tnit°9r ' ' ^"^^ certification) and sends this key to the 

So'^nl m J^f encryption unit 93 encrypts the decrypted content key Kco again by the save key Ksave stored in the 
storage module 73. The encrypted content key Kco is supplied to the external storage block 63. When sending the con- 
tent key Kco to the decompression block 64. the encryption unrt 93 encrypts the content key Kco by the ter^pomr^^^^ 
Ktemp generated by the random number generation unit 92. le lemporary Key 

!J!h?H t "^^^k"^*^ ''^^''^ T^""^ compares check value Hp stored in the storage module 73 with the hash value 
to lee?!'?,? ~rr"?p^ ""^3" Morm^^^on storage block 63A of the external storage block 63 

nn^h/ '""^P"^"'- """^ ""^'^ '^^^^^ "^•^'^"'^ 75 computes Check value Hp again when 

purchase, usage, or management shift of content is made, storing the computed check value into the storage module 
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73 (or updating the stored check value with the newly computed check value). 

[0160] The decompression block 64 comprises a cross-authentication module 101, a decryption module 102, a 
decryption module 103, a decompression module 104, and a watermark attachment module 105. The cross -authenti- 
cation module 101 cross-authenticates the SAM 62 and outputs the temporary key Ktemp to the decryption module 

5 102. The decryption module 102 decrypts by use of the temporary key Ktemp the content key Kco encrypted by the 
temporary key Ktemp and outputs the decrypted content key to the decryption module 1 03. The decryption module 1 03 
decrypts the content stored in the HDD 52 by the content key Kco and outputs the decrypted content to the decompres- 
sion module 1 04. The decompression module 1 04 decompresses the decrypted content by a scheme such as ATRAC2 
and outputs the decompressed content to the watermark attachment module 105. The watermark attachment module 

10 1 05 attaches a predetermined watermark (electronic watermark) which is information for identifying the receiver 51 (for 
example, ID of SAM 62) to the content and outputs the watermarked content to a loudspeaker, not shown, reproducing 
music for example. 

[0161] The communication block 65 communicates with the other device (not shown) of the user home network 5, 
The interface 66 changes signals supplied from the SAM 62 and the decompression block '64 into a p'redeterminea for- 
ts mat and outputs the resultant signals to the HDD 52 and signals from the HDD 52 into a predetermined format and out- 
puts the resultant signals to the SAM 62 and the decompression block 64. 

[0162] The display control block 67 manages the output to a display block (not shown). The input control block 68 

manages the input from an operator block (not shown) composed of various operation management. 

[0163] The HDD 52 stores a registration list as shown in FIG. 30 in addition to the content UCR and PT supplied 

20 from the service provider 3. The registration list consists of a list portion in which information is stored in table form and 
an object SAM infomriation portion in which predetermined information about the device holding this list is stored. 
[0164] The object SAM infonriation portion stores, in "Object SAM ID," the SAM ID of the device holding this regis- 
tration list, namely the ID of the SAM 62 of the receiver 51 in this example. The object SAM information portion also 
stores, in "Valid Period," the valid period of this registration list and, in "Version Number," the version number of this reg- 

25 istration list. This portion further stores, in "Connected Device Count," the number of connected devices (including the 
receiver 51 itself), namely value 1 because no other devices are connected. 

[0165] The list portion consists of 9 items "SAM ID," "User ID," "Purchase Processing," "Charging Processing," 
"Charging Device," "Content Supply Device," "Status Flag," "Registration Condition Signature," and "Registration List 
Signature." In the present example, predetemiined information is stored in these items as the registration condition of 
3o the receiver 51. 

[0166] "SAM ID" stores the ID of the SAM of the device. In this example, the ID of the SAM 62 of the receiver 51 is 
stored. "User ID" stores the ID of the user of the device. In this example, the ID of user F is stored. 
[0167] "Purchase Processing" stores infomnation ("Permitted" or "Not Pemriitted") Indicative whetherthe processing 
for purchasing content can be executed or not. In this example, the receiver 51 can execute this processing, so that 
35 "Permitted" is stored. 

[0168] "Charging Processing" stores information ("Permitted" or "Not Permitted") indicative whether the corre- 
sponding device can execute processing for settlement with the EMD service center 1. In this example, since user F is 
. registered as a settlement user, the receiver 51 can execute this processing. Therefore, "Permitted" is set to "Charging 
Processing." 

40 [0169] "Charging Device" stores the ID of the SAM of the device that executes the processing the charges added 
up in the corresponding device. In this example, since the receiver 51 (the SAM 62) can settle the charges of its own, 
the ID of the SAM 62 is stored. 

[01 70] "Content Supply Device" stores, if the corresponding device is supplied content not from the service provider 
3 but from another connected device, the ID of the SAM of that connected device. In this example, since the receiver 

45 51 receives content from the service provider 3, information ("No") indicative that there is no content supplying device. 
[0171] "Status Flag" stores an operation limiting condition of the corresponding device. If there is no limitation, infor- 
mation ("Not Limited") indicative thereof is stored. If a certain limitation is imposed, information ("Limited") indicative 
thereof is stored. If the operation of the corresponding device is stopped, information ("Stop") is stored. If settlement has 
been unsuccessful or the credit granting processing for official registration has not been completed (namely, only pro- 

50 visional registration has been made), "Limited" is set to "Status Flag" of that device. In this example, in the device with 
"Limited" set to "Status Flag," the processing for using already purchased content is executed but the processing for 
purchasing new content is not executed. Namely, a certain limitation is imposed on that device. If unauthorized duplica- 
tion of content for example is detected, "Stop" is set to "Status Flag," stopping the operation of that device. Thus, that 
device cannot receive any service from the EMD system. 

55 [0172] In the present example, it is assumed that no limitation is imposed on the receiver 51 , so Ihat "No" is set to 
"Status Flag." 

[0173] "Registration Condition Signature" stores the signature by the EMD service center 1 for the information 
stored as registration conditions into "SAM ID," "User ID," "Purchase Processing," "Charging Processing," "Charging 
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Device," "Content Supply Device," and "Status Flag." In the present example, the signature for the registration condition 
of the receiver 51 is stored. To '"Registration List Signature," the signature for the entire data set to the registration list 
Is set. 

[0174] The following describes the processing of the EMD system with reference to the flowchart shown in FIG. 31 
5 by use of an example in which content A held in the content server 2 is supplied to the receiver 51 of the user home 
network 5 through the service provider 3. 

[0175] Now, in step 81 1 , processing is executed for supplying delivery key Kd from the EMD service center 1 to the 
content provider 2. This processing is detailed in FIG. 32. Namely, in step S31 , the cross-authentication block 1 7 of the 
EMD service center 1 cross-authenticates the cross-authentication block 39 of the content provider 2. If the content pro- 
w vider 2 is found a valid provider, the content provider management block 1 2 of the EMD service center 1 sends the deliv- 
ery key Kd supplied from the key server 14 to the content provider 2. Details of the cross-authentication processing will 
be described later with reference to FIGS. 33 through 35. 

[0176] Next, in step S32, the encryption block 36 of the content provider 2 receives the delivery key Kd sent from 
the EMD service center and stores it in step S33. 

15 [0177] Thus, when the encryption block 36 of the content provider 2 has stored the delivery key Kd, the delivery key 
supply processing comes to an end and the system proceeds to step 812 shown in FIG. 31. Before describing the 
processing of step SI 2 and so on, the cross-authentication (for checking for masquerading) in step S31 of FIG. 32 will 
be described by use of an example in which one common key is used (refer to FIG. 33). another example in which two 
common keys are used (refer to FIG. 34). and still another example in which public key cryptography is used (refer to 

20 FIG. 35). 

[0178] FIG. 33 shows a flowchart describing cross-authentication processing between the cross-authentication 
block 39 of the content provider 2 and the cross-authentication block 1 7 of the EMD service center 1 by use of one com- 
mon key and DES which is public key cryptography. In step S41 , the cross-authentication block 39 of the content pro- 
vider 2 generates a 64-bit random number R1 (this may be generated by the random number generation block 35). In 
25 step S42, the cross-authentication block 39 of the content provider 2 encrypts on the basis of DES the random number 
R1 by the common key Kc stored in advance (this encryption may be made by the encryption block 36). In step S43, 
the cross-authentication block 39 sends the encrypted random number R1 to the cross-authentication block 17 of the 
EMD service center 1 . 

[0179] In step S44, the cross-authentication block 17 decrypts the received random number R1 by the stored com- 

30 mon key Kc. In step S45, the cross-authentication block 17 generates a 32-bit random number R2. In step S46, the 
cross-authentication block 1 7 transposes the low-order 32 bits of the decrypted 64-bit random number R1 with the ran- 
dom number R2 to generate a coherence R1hIIR2. It should be noted here that Rin denotes the high-order bits of Ri 
and AIIB denotes a coherence between A and B (m-bit B is linked to the end of n-bit A to provide (n + m) bits). In step 
S47, the cross-authentication block 1 7 encrypts RI hIIR2 by the common key Kc on the basis of DES. In step S48, the 

35 cross-authentication block 1 7 sends the encrypted RI hIIR2 to the content provider 2. 

[0180] In step S49, the cross-authentication block 39 of the content provider 2 decrypts the received R1hIIR2 by 
the common key Kc. In step S50, the cross-authentication block 39 checks the high-order 32 bits RIh of the decrypted 
R1hIIR2. If the high-order 32 bits RIh are found matching the high-order 32 bits RIh of the random number Rl gener- 
ated in step S41 , it indicates that the EMD service center 1 is a valid center. Othenwise, this processing is aborted. In 

40 the case of matching, then, in step 851, the cross-authentication block 39 generates a 32-bit random number R3. fn 
step 852, the cross-authentication block 39 sets the received decrypted 32-bit random number R2 to the upper and the 
generated random number R3 to the lower to provide a coherence R2IIR3. In step S53, on the basis of DES, the cross- 
authentication block 39 encrypts the coherence R2IIR3 by the common key Kc. In step S54, the cross -authentication 
39 sends the encrypted coherence R2IIR3 to the cross-authenticatron block 17 of the EMD service center 1. 

45 [0181] In step S55, the cross-authentication block 17 decrypts the received coherence R2IIR3 by the common key 
Kc. In step 856, the cross-authentication block 1 7 checks the high-order 32 bits of the decrypted coherence R2IIR3. If 
they are found matching the random number R2, the cross-authentication block 17 authenticates the content provider 
2 as a valid provider; othenwise, the cross-authentication block 17 determines the content provider 2 to be an invalid 
provider and ends the processing. 

50 [0182] FIG. 34 is a flowchart describing cross-authentication processing between the cross-authentication block 39 
of the content provider 2 and the cross-authentication block 1 7 of the EMD service center 1 by use of two common keys 
Kcl and Kc2 on the basis of DES. In step 861, the cross-authentication block 39 generates a 64-bit random number 
RI. In step 862, the cross-authentication block 39 encrypts the random number RI by the stored common key Kcl on 
the basis of DES. In step S63, the cross-authentication block 39 sends the encrypted random number RI to the EMD 

55 service center 1. 

[0183] In step S64, the cross-authentication block 17 of the EMD service center 1 decrypts the received random 
number RI by the stored common key Kcl . In step S65. the cross-authentication block 1 7 encrypts the random number 
RI by the stored common key Kc2. In step 866, the cross-authentication block 17 generates a 64-bit random number 
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^ R2. (n step S67, the cross-authentication block 17 encrypts the random number R2 by the common key Kc2. In step 
S68, the cross-authentication block 1 7 sends the encrypted random number R1 and the encrypted random number R2 
to the cross-authentication block 39 of the content provider 2. 

[0184] In step S69, the cross-authentication block 39 decrypts the received random number R1 and random 

5 number R2 by the stored common key Kc2. In step S70, the cross-authentication block 39 checks the decrypted ran- 
dom number R1 . If this random number R1 is found matching the random number R1 (before encryption) generated in 
step S61, the cross-authentication block 39 authenticates the EMD service center 1 as a valid center; otherwise, the 
cross-authentication block 39 determines the EMD service center 1 to be an Invalid center and ends the processing. In 
step S71 , the cross-authentication block 39 encrypts the decrypted random number R2 by the common key Kcl . In step 

10 S72, the cross-authentication block 39 sends the encrypted random number R2 to the EMD service center 1 . 

[0185] In step S73, the cross -authentication block 1 7 decrypts the received random number R2 by the common key 
Kcl . In step S74, the cross-authentication block 1 7 checks the decrypted random number R2. If this decrypted random 
number R2 is found matching the random number R2 (before encryption) generated in step S66, the cross-authentica- 
tion block 17 authenticates the content provider 2 as a valid prbvider- btherwiiser the crosis-authentic^tion block 17 

15 determines the content provider 2 to be an invalid provider and ends the processing. 

[0186] FIG. 35 shows a flowchart describing cross-authentication processing between the cross-authentication 
block 39 of the content provider 2 and the cross-authentication block 1 7 of the EMD service center 1 by use of 1 60-bit 
elliptic curve cryptography of public key cryptography. In step S81 . the cross-authentication block 39 generates a 64-bit 
random number R1 . In step S82, the cross-authentication block 39 sends a certificate (obtained from certificate author- 

20 ity in advance) including the public key Kpcp of its own and the random number R1 to the cross-authentication block 1 7. 
[0187] In step S83, the cross-authentication block 17 of the EMD service center 1 decrypts the signature 
(encrypted by the secret key Ksca of the certificate authority) of the received certificate by the previously acquired pub- 
lic key Kpca of the certificate authority, extracts the public key Kpcp of the content provider 2 and the hash value of the 
name of the content provider 2, and extracts the public key Kpcp of the content provider 2 included in the certificate as 

25 plaintext and name of the content provider 2. If the certificate is found correct, the signature of the certificate can be 
decrypted. The public key Kpcp and the hash value of the name of the content provider 2 obtained by the decryption 
match the public key Kpcp of the content provider 2 included in the certificate as plaintext and the hash value obtained 
by applying hash function to the name of the content provider 2, respectively. Thus, the public key Kpcp is authenticated 
to be the public key not tampered. If the signature cannot be decrypted or if the signature can be decrypted but there is 

30 no hash value match, it indicates that either the public key is not con-ect or the provider is not con-ect, and then the 
processing is ended. 

[0188] When a correct authentication result has been obtained, the cross-authentication block 1 7 generates a 64- 
bit random number R2 in step S84. In step S85, the cross-authentication block 17 generates a coherence R1IIR2. In 
step see, the cross-authentication block 17 encrypts the coherence R1 IIR2 by its own secret key Ksesc. In step S87, 
35 the cross-authentication block 17 encrypts the coherence R1IIR2 by the public key Kpcp of the content provider 2 
obtained in step S83. In step S88, the cross-authentication block 17 sends the coherence R1IIR2 encrypted by the 
secret key Ksesc, the coherence R1 1IR2 encrypted by the public key Kpcp, and the certificate (previously obtained from 
the certificate authority) including its own public key Kpesc to the cross-authentication block 39 of the content provider 
2. 

40 [0189] In step S89, cross-authentication block 39 decrypts the signature of the received certificate by the previously 
obtained public key Kpca of the certificate authority and, if the signature is found con-ect, extracts the public key Kpesc 
from the certificate. This processing is generally the same as that of step S83 and therefore its description will be 
skipped. In step S90, by use of the public key Kpesc obtained in step S89, the cross-authentication block 39 decrypts 
the coherence R1 IIR2 encrypted by the secret key Ksesc of the EMD service center 1 . In step S91 , by use of its own 

45 secret key Kscp, the cross-authentication block 39 decrypts the encrypted coherence R1IIR2. In step S92, the cross- 
authentication block 39 compares the coherence R1IIR2 decrypted in step S90 with the coherence R1IIR2 decrypted 
in step S91. If a match is found, the cross-authentication block 39 authenticates the EMD service center 1 as a correct 
center: otherwise, the cross-authentication block 39 determines the center to be incorrect and ends the processing. 
[0190] If a correct authentication result has been obtained, the cross-authentication block 39 generates a 64-bit 

50 random number R3 in step S93. In step S94. the cross-authentication block 39 generate a coherence R2IIR3. In step 
S95, the cross-authentication block 39 encrypts the coherence R2IIR3 by the public key Kpesc obtained in step S89. In 
step S96, the cross-authentication block 39 sends the encrypted coherence R2II R3 to the cross-authentication block 1 7 
of the EMD service center 1 . 

[0191] In step S97, the cross-authentication block 1 7 decrypts the encrypted coherence R2ilR3 by its own secret 
55 key Ksesc. In step S98, if the decrypted random number R2 is found matching the random number R2 (before being 
encrypted) generated in step S84, the cross-authentication block 17 authenticates the content provider 2 as a correct 
provider; othenwise, the cross-authentication block 17 determines the content provider 2 as incorrect and ends the 
processing. 
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[0192] Thus, the cross-authentication block 17 of the EMD service center 1 and the cross-authentication block 39 
of the content provider 2 execute the cross-authenticating operations. The random numbers used in the cross-authen- 
tication are used for a tennporary key Ktemp which is valid only for the processing that follows this cross-authentication 

processing. 

5 [0193] The following describes the processing of step SI 2 shown in FIG. 31 . In step SI 2, processing is performed 
in which a content provider secure container is supplied from the content provider 2 to the service provider 3. Details of 
this processing will be described with reference to the flowchart of FIG. 36. To be more specific, the watemnark attach- 
ment block 32 of the content provider 2 reads content A from the content server 31 , inserts a predetermined watermark 
indicative of the content provider 2 into content A, and sends the resultant content to the compression block 33. 

10 [0194] In step 8202, the compression block 33 of the content provider 2 compresses watemnarked content A by a 
predetermined scheme such as ATRAC2 and supplies the compressed content to the encryption block 34. In step 
8203, the random generation block 35 generates a random number that provides a content key KcoA and supplies it to 
the encryption block 34. 

[0195] In step 8204, the encryption block 34 of the content provider 2 encrypts the compressed watermarked con- 
15 tent A by use of the random number (namely the content key KcoA) generated in the random generation block 35 on 
the basis of a predetermined cryptography such as DES. In step S205, on the basis of a predetermined cryptography 
such as DES, the encryption block 36 encrypts the content key KcoA by the delivery key Kd supplied from the EMD 
service center 1 . 

[0196] In step 8206, the secure container generation block 38 of the content provider 2 computes a hash value by 

20 applying hash function to all of the content A (encrypted by the content key KcoA), the content key KcoA (encrypted by 
the delivery key Kd) and the UCP A and UCP B corresponding to the content A stored in the policy storage block 37 
and encrypts the hash value with its own secret key Kscp, thereby generating a signature shown in FIG. 15. 
[0197] In step 8207, the secure container generation block 38 of the content provider 2 generates a content pro- 
vider secure container shown in FIG. 1 5 which includes the content A (encrypted by the content key KcoA), the content 

25 key KcoA (encrypted by the delivery key Kd), the UCP A and UCP B, and the signature generated in the step S206. 
[0198] In step 208, the cross-authentication block 39 of the content provider 2 cross-authenticates the cross- 
authentication block 45 of the service provider 3. This authentication processing is generally the same as that described 
with reference to FIGS. 33 through 35 and therefore its description will be skipped. In step 8209, the secure container 
generation block 38 of the content provider 2 attaches the certificate previously issued by the certificate authority to the 

30 content provider secure container generated in step 207 and sends them to the service provider 3. 

[0199] Thus, when the content provider secure container has been supplied to the service provider 3, the content 
provider secure container supply processing comes to an end and the system proceeds to step 813 shown in FIG. 31 . 
[0200] In step 813, the service provider secure container is supplied from the service provider 3 to the user home 
network 5 (or the receiver 51 ). Details of this processing will be described with reference to the flowchart shown in FIG. 

35 37. To be more specific, in step 3221 , the value attachment block 42 of the service provider 3 checks the signature 
included in the certificate attached to the content provider secure container supplied from the content provider 2. If the 
certificate is found untampered, the value attachment block 42 takes the public key Kpcp of the content provider 2 out 
of the certificate. The signature of the certificate is checked in the same manner as in the processing of step S83 shown 
in FIG. 35 and therefore the description of this checking will be skipped. 

40 [0201] In step S222, the value attachment block 42 of the service provider decrypts the signature of the content pro- 
vider secure container supplied from the content provider 2 by the public key Kpcp thereof. The value attachment block 
42 matches the obtained hash value against the hash value obtained by applying hash function to all of the content A 
(encrypted by the content key KcoA), the content key KcoA (encrypted by the deliver key Kd), and the UCP A and UCP 
B, thereby checking the content provider secure container for tampering. If a mismatch is found (or the secure container 

45 is found tampered), this processing is aborted. In this example, however, it is assumed that no tampering has been 
found in the secure container and therefore the system proceeds to step S223. 

[0202] In step 8223, the value attachment block 42 takes the content A (encrypted by the content key KcoA), the 
content key KcoA (encrypted by the delivery key Kd), and the signature out of the content provider secure container and 
sends them to the content server 41 . The content server 41 receives and stores them. The value attachment block 42 
50 also takes the UCP A and the UCP B out of the secure container and supplies them to the secure container generation 
block 44. 

[0203] In step 224, the value attachment block 42 generates PT A-1 and PT A-2 and PT B-1 and PT B-2 on the 
basis of the extracted UCP A and UCP B and supplies the generated PTs to the secure container generation block 44 
of the service provider 3. 

55 [0204] In step S225, the secure container generation block 44 generates the service provider secure container 
shown in FIG. 20 from the content A (encrypted by the content key KcoA) and the content key KcoA (encrypted by the 
delivery key Kd) read from the content server 41 and the UCP A. UCP B, the signature of the content provider 2, the PT 
A-1 , A-2, B-1 , and B-2, and their signature. 
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[0205] In step S226, the cross-authentication block 45 of the service provider 3 cross-authenticates the cross- 
authentication block 71 of the receiver 51. This cross-authentication processing is generally the same as the case 
described with reference to FIGS." 33 through 35 and therefore the description will be skipped. 

[0206] In step S227, the secure container generation block 44 attaches the certificate of the service provider 3 to 
5 the service provider secure container generated in step S225 and sends the resultant secure container to the receiver 
51 of the user home network 5. 

[0207] Thus, when the service provider secure container has been supplied from the service provider 3 to the 
receiver 51 , the service provider secure container supply processing comes to an end and the system proceeds to step 
SI 4 shown in FIG. 31. 

10 [0208] In step SI 4, the service provider secure container outputted from the service provider 3 is received by the 
receiver 51 of the user home network 5. Details of this processing will be described with reference to the flowchart 
shown in FIG. 38. To be more specific, in step S241, the cross-authentication module 71 of the receiver 51 cross- 
authenticates the cross-authentication block 45 of the service provider 3 through the communication block 61. When 
this cross-authentication" is successful, the comriiuiiication block 61 receives the service provider secure container 

75 (refer to FIG, 20) from the cross-authenticated service provider 3. If this cross-authentication is unsuccessful, this 
processing is aborted. In this example, it is assumed that the cross-authentication is successful and the system pro- 
ceeds to step 8242. 

[0209] In step S242, the communication block 61 of the receiver 51 receives a public key certificate from the service 
provider 3 cross-authenticated in step S241 . 
20 [0210] In step 8243, the decryption/encryption module 74 of the receiver 51 checks the signature included in the 
service provider secure container received in step 8241 for tampering. If the secure container is found tampered, this 
processing is aborted. In this example, it is assumed that the service container is found untampered and the system 
proceeds to step S244. 

[0211] In step S244, the UCP and the PT and their usage and price descriptions are selected. To be specific, in the 
25 reference infomnation 51 (refer to FIG. 28) stored in the storage module 73 of the receiver 51 , the UCP satisfying the 
usage condition and the PT satisfying the price condition are selected. In the present example, in "Discount Point Infor- 
mation" of the reference information 51 of the receiver 51 , the user discount amount is 1 GO (= 20 + 30 + 50) yen as 
shown in FIG. 29. Namely, according to this reference infomnation 51 , of UCP A and UCP B set in con-espondence with 
content A, UCP A (refer to FIG. 12A) in which "User Condition 10" of "Usage Condition 10" is "100 yen or more." Fur- 
30 ther, "Settlement User Information" of the reference information 51 indicates that user F is male, so that the condition 
set to "Price Condition 10" of PT A-1 (refer to FIG. ISA) is satisfied. Consequently, of PT A-1 and PT A-2 generated in 
correspondence with UCP A, PT A-1 is selected. 

[0212] Next, the descriptions of the UCP A and PT A-1 thus selected are displayed on a display block (not shown) 
through the display control block 67. Refen-ing to the displayed descriptions (to examine usage forms to be used and 
35 their prices, for example), user F performs an operation on an operator block (not shown) for selecting a predetermined 
"Usage Description" of the UCP A. The input control block 68 outputs the ID of the selected usage description of the 
UCP A and the ID of the PT A-1 to the SAM 62, input from the operator block. In the present example, it is assumed 
that usage description 1 1 of the UCP A (price description 11 of PT A-1 ) has been selected. 

[0213] At the same time, the discount point information in the reference information 51 stored in the storage module 
40 73 (if there is no discount point, infomnation thereof) is displayed on the display block. Referring to the displayed infor- 
mation, user F performs an operation on the operator block for setting the decision whether to use discount point or not. 
The input control block 68 outputs the decision to the SAM 62. In the present example, it is assumed that no discount 
point is used. 

[021 4] In step S245, the charging processing module 72 of the SAM 62 of the receiver 51 generates the UCS A and 
45 information on charges A ("Charging History" indicates that no discount point is used) on the basis of "Usage Descrip- 
tion 1 1 " of UCP A and the PT A-1 selected in step S244. Namely, in this case, the content A is purchased at a price of 
2,000 yen and reproduced. 

[021 5] In step S246, the content A (encrypted by the content key KcoA), the UCP A-1 , the PT A-1 and PT A-2, and 
the signature of the content provider 2 are taken out of the service provider secure container (refer to FIG. 20) and 
50 stored in the HDD 52. In step 8247, the decryption unit 91 of the decryption/encryption module 74 decrypts the content 
key KcoA (encrypted by the delivery key Kd) included in the service provider secure container by the delivery key Kd 
stored in the storage module 73. 

[0216] In step S248, the encryption unit 93 of the decryption/encryption module 74 encrypts the content key KcoA 
decrypted in step S247 by the save key Ksave stored in the storage module 73. 
55 [021 7] In step 8249, the data check module 75 of the receiver 51 detects the block Bp of the usage information stor- 
age block 63A (refer to FIG. 25) of the external storage block 63 in which the content key KcoA encrypted by the save 
key Ksave in step S248 and the UCS A generated in step S245 are stored in a pair. In the present example, the block 
Bp-1 of the usage infomnation storage block 63A is detected. It should be noted that, in the usage infonnation storage 
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block 63A shown in FIG. 25, the content key KcoA and the UCS A are shown as stored in the usage information mem- 
ory area Rp-3 of the block Bp-1 , but, at this point of time, these are not stored in the Rp-3, which stores instead prede- 
termined initial information indicative that the Rp-3 is free. 

[0218] In step S250, the data check module 75 of the receiver 51 obtains a hash value by applying hash function 
5 to the data (all data stored in the usage information memory areas Rp-i through Rp-N) in the block Bp-1 detected in 
step S249. Next, in step S251, the data check module 75 compares the hash value obtained in step S250 with the 
check value Hp-1 (refer to FIG. 27) corresponding to the block Bp-1 stored in the storage module 73. If a match is found, 
It indicates that the data in the block Bp-1 are not tampered, so that the system proceeds to step S252. 
[0219] In step S252, the SAM 62 of the receiver 51 stores the usage infomnation (the content key KcoA encrypted 
w by the save key Ksave in step 248 and the UCS A generated in step S245) into the usage information memory area Rp- 
3 of the block Bp-1 of the external storage block 63. 

[0220] In step S253, the data check module 75 of the receiver 51 computes a hash value by applying hash function 
to all data stored in the block Bp-1 of the usage information storage block 63A to which the usage information memory 
area Rp-3 in which the usage information was stored in step S252. In step S254, the data check module 75 writes the 
15 Obtained hash value over the check value Hp-1 stored in the storage module 73. In step S255, the charging processing 
module 72 stores the infomiation on charges A generated in step 8245 Into the storage module 73, upon which the 
processing comes to an end. 

[0221] If, in step 8251 , no match is found between the computed hash value and the check value Hp-1 , it indicates 
that the data in the block Bp-1 are tampered. The system proceeds to step S256, In which the data check module 75 

20 determines whether all blocks Bp of the usage information storage block 63A of the external storage block 63 have been 
checked. If all blocks Bp are found not checked, then, in step 8257. the data check module 75 checks the usage infor- 
mation storage block 63A for other free blocks Bp. Then, back to step S250, the processing is repeated. 
[0222] In step S256, if all blocks Bp of the usage infomiation storage block 63A are found checked, it indicates that 
there is no block Bp (usage infomiation memory area Rp) that can store usage information, upon which the service pro- 

25 vider secure container receiving processing comes to an end. 

[0223] Thus, when the service provider secure container has been received by the receiver 51, the processing 
comes to an end and the system proceeds to step 815 shown in FIG. 31 . 

[0224] In step 815, the supplied content A is used in the receiver 51 . In this case, according to the usage descrip- 
tion 1 1 of the selected UCP A, the content A Is used by reproduction. Therefore, the following describes the processing 

30 of reproducing the content A with reference to the flowchart shown in FIG. 39. 

[0225] In step 8261 , the data check module 75 of the receiver 51 computes a hash value by applying hash function 
to the data stored in step 8252 of FIG. 38 In the block Bp-1 of the usage information storage block 63A to which the 
usage infomiation memory area Rp-3 storing the content key KcoA (encrypted by the save key Ksave) and the UCS A 
belongs, in step 8252 shown in FIG. 45. 

35 [0226] In step 8262, the data check module 75 compares the hash value computed in step 8261 and the hash 
value (check value Hp-1) computed in step S253 of FIG. 38 and stored In the storage module 73 in step 8254. If a 
match is found, it indicates that the data in the block Bp-1 are not tampered. The system proceeds to step 8263. 
[0227] In step 8263, It-is determined, on the basis of the information indicated by "Parameter" of "Usage Descrip- 
tion" of the UCS A (refer to FIG. 24), whether the content A is usable or not. For example, in the UCS in which "Form" 

40 of "Usage Description" is "time-limited reproduction," its "Parameter" stores the start and end periods (or times) of the 
reproduction, so that the current time is checked whether It is inside the time limit range. If the current time is found 
inside the time limit range, it is determined that corresponding content is usable; otherwise, the content is unusable. In 
the UCS in which "Form" of "Usage Description" is the reproduction (or duplication) only by a predetermined number of 
times, its "Parameter" stores the remaining number of times the content can be used. In this case, if the number of times 

45 set to "Parameter" is not zero, it is determined that the corresponding content is usable. If the number of times is zero, 
it is detennined that the corresponding content is unusable. 

[0228] -Form" of "Usage Description" of the UCS A is "reproduction by purchase." so that, in this case, the content 
A IS purchased and reproduced without condition. Namely, "Parameter" of "Usage Description" of the UCS A stores the 
infonnation indicative of usability of content. Hence, in the present example, it is determined in step 8263, that the con- 
st? tent A is usable and the system proceeds to step 8264. 

[0229] In step 8264, the charging processing module 72 of the receiver 51 updates the UCS A. Although informa- 
tion to be updated is not included in the UCS A, if "Form" of "Usage Description" is the reproduction only by the prede- 
termined number of times, the reproduction count set to the "Parameter" is decremented by one. 
[0230] Next, in step S265, the receiver 51 stores the UCS A (actually not updated) updated in step 8264 into the 
55 usage information memory area Rp-3 of the block Bp-1 of the usage infomnation storage block 63A. In step 8266 the 
data check module 75 computes a hash value by applying hash function to the data in the block Bp-1 of the usage infor- 
mation storage block 63A in which the UCS A was stored in step 8265 and writes the computed hash value over the 
check value Hp-1 stored in the storage module 73. 
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[0231] In step S267, the cross-authentication module 71 of the SAM 62 cross-authenticates the cross-authentica- 
tion module 1 01 of the decompression block 64 and the SAM 62 and the decompression blocl< 64 share temporary key 
Ktemp. This cross-authentication processing is generally the same as described with reference to FIGS. 33 through 35 
and therefore its description will be skipped. Random numbers R1, R2, R3 or their combination used for cross-authen- 

5 tication is used as the temporary key Ktemp. 

[0232] In step S268,.the decryption unit 91 of the decryption/encryption module 74 decrypts the content key KcoA 
(encrypted by the save Ksave) stored in the block Bp-1 (the usage information memory area Rp-3) of the usage infor- 
mation storage block 63A in step 8252 of FIG. 38 by the save key Ksave stored in the storage module 73. 
[0233] Next, in step S269, the encryption unit 93 of the decryption/encryption module 74 encrypts the decrypted 

10 content key KcoA by temporary key Ktemp. In step S270. the SAM 62 sends the content key KcoA encrypted by tem- 
porary key Ktemp to the decompression block 64. 

[0234] In step S271 , the decryption module 1 02 of the decompression block 64 decrypts the content key KcoA by 
temporary key Ktemp. In step 8272, the decompression block 64 receives the content A (encrypted by the content key 
Kcd) storedln the RDD"527ln step S273Vthe decryption module '1 03 of the clecompression block" 64~decrypts the con"-" 

15 tent A (encrypted by the content key Kco) by the content key KcoA. 

[0235] in step 8274, the decompression module 1 04 of the decompression block 64 decompresses the decrypted 
content A by a predetermined scheme such as ATRAC2. In step 8275, the watermark attachment module 1 05 of the 
decompression block 64 inserts a predetermined watermark identifying the receiver 51 into the decompressed content 
A. In step 8276, the content A is outputted to a speaker, not shown, for example, upon which the content reproduction 

20 processing comes to an end. 
,~ ' [0236] In step 8262, if the hash value computed in step 8261 is found not matching the check value Hp-1 stored in 
V the storage module 73 of the receiver 51 or, if the content is found unusable, then the SAM 62 executes, in step 8263, 

a predetermined error handling operation such as displaying an en'or message on a display block not shown through 
the display control block 67, upon which the content reproduction processing is aborted. 

25 [0237] Thus, when the content A is reproduced (or used) in the receiver 51 , the content reproduction processing as 
well as the content A usage processing shown in FIG. 31 come to an end. 

[0238] The following describes the processing of settling the charges of the receiver 51 with reference to the flow- 
chart shown in FIG. 40. It should be noted that this settlement processing starts when added-up charges exceeds a pre- 
determined upper limit amount (namely, the upper limit amount for official or provisional registration) or the version of 

30 delivery key Kd has become obsolete and therefore cannot decrypt the content key Kco (encrypted by delivery key Kd) 
in step 8247 of FIG. 38 for example (namely, the service provider secure container cannot be received). 
[0239] To be specific, in step 8301 , cross-authentication Is executed between the receiver 51 and the EMD service 
center 1. This cross-certification is generally the same as described with reference to FIGS. 33 through 35 and there- 
fore its description will be skipped. 

35 [0240] Next, in step S302. the SAM 62 of the receiver 51 sends a certificate to the user management block 18 of 
the EMD service center 1 . In step 8303, the SAM 62 of the receiver 51 encrypts the infonnation on charges stored in 
the storage module 73 by the temporary key Ktemp shared by the EMD service center 1 in step S301. Then, the SAM 
62 sends the encrypted information on charges to the EMD service center 1 along with the version of the delivery key 
Kd, the corresponding UCP and PT stored in the HDD 52, and the registration list. - 

40 [0241] In step 8304, the user management block 1 8 of the EMD service center 1 receives and decrypts the infor- 
f^^^ mation supplied from the receiver 51 in step 8303 and checks to see if there is any unauthorized action in the receiver 
51 that sets "stop" to "Status Flag" of the registration list. 

[0242] In step 8305, the charging block 1 9 of the EMD service center 1 analyzes the Information on charges 

received in step 8303 to execute settlement processing. Details of this processing will be described with reference to 
45 the flowchart shown in FIG. 41. Next, in step 8306, the user management block 18 determines whether the charges 
has been successful or not by the processing executed in step 8305. 

[0243] Next, in step 8307. on the basis of the confirmation made in step S304 and the confirmation made in step 
8306, the user management block 1 8 sets the registration condition of the receiver 51 and attaches a signature thereto 
to form the registration list of the receiver 51 . 

50 [0244] For example, if an unauthorized action is found in step 8304, "stop" is set to "Status Flag" of the registration 
list. In this case, the further processing is all stopped. Namely, the receiver 51 cannot receive the services of the EMD 
system. If the settlement is found unsuccessful in step 8306, "limited" is set to "Status Flag" of the registration list. In 
this case, the receiver 51 can reproduce the already purchased content but cannot purchase new content. 
[0245] Next, in step 8308, the user management block 18 encrypts the delivery key Kd of the latest version (the 

55 delivery keys Kd of the latest version for 3 months) by temporary key Ktemp and sends the encrypted keys and the reg- 
istration list generated in step 8307 to the receiver 51. 

[0246] In step 8309, the SAM 62 receives the delivery keys Kd and the registration list through the communication 
block 61 , decrypts them, and stores the decrypted delivery keys and registration list into the storage module 73. At this 
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moment, the information on charges stored in the storage module 73 is deleted and the registration list and the delivery 
l<eys Kd are updated by new ones. 

[0247] The following describes details of the settlement processing shown in step S305 of FIG. 40 with reference 
to the flowchart of FIG. 41 . 

[0248] In step S401 , the user management block 1 8 of the EMD service center 1 refers to "Charging History" of the 
information on charges to determine whether "Use Discount Point" is set. If -Use Discount Poinf is found not set 
(namely, "Not Use Discount Point" is set), the system proceeds to step S402. 

[0249] In step S402. the user management block 18 outputs the infomiation on charges, UCR and PT received in 
step S303 to the history data management block 15. In step S403, the charging processing that does not use discount 
point is executed. The following describes details of this processing with reference to FIG. 42. 

[0250] The history data management block 15 holds the information on charges, PT, and UCP supplied from the 
user management block 1 8 and supplies them to the charging block 1 9. The charging block 1 9 detects a content usage 
fee from the received items of infonnation and sends the detected content usage fee and a user payment amount equal 
thereto to the profit distribution block 16 and only the user payment amount to the cashier block 20. 
[0251] To be more specific, from the ID set to "UCP ID" of the information on charges, the charging block 1 9 deter- 
mines the UCP corresponding to the charges of this time and recognizes that this UCP has been supplied from the his- 
tory data management block 15. From the ID set to "PT ID" of the infonnation on charges, the charging block 19 
determines the PT corresponding to the charges of this time and recognizes that this PT has been supplied from the 
history data management block 15. When the UCP and the PT are found supplied, the charging block 19 determines 
"Price Description" of the PT con^esponding to "Usage Description" of the UCP from the ID set to "ID" of "Usage 
Description" and read the content usage fee set to this "Price Description." Thus, the content usage fee is detected and 
the user payment amount is made equal to the detected content usage fee. In the present example, the content usage 
fee is "1 000 yen" set to "Price Description 1 1" of PT A-1 and therefore the user payment amount is equal thereto. 
[0252] At the same time, the charging block 19 notifies the profit distribution block 16 that no discount point has 
25 been used. 

[0253] The profit distribution block 1 6 substitutes the user payment amount supplied from the charging block 1 9 into 
equation (9) to compute a user discount amount. The profit distribution block 1 6 substitutes the computed user discount 
amount into equations (7), (8), and (1 1) to compute a CP discount amount, an SP discount amount, and an EMD dis- 
count amount respectively For example, if the user payment amount is 1000 yen as in the present example, the user 
30 discount amount is 1 00 (= 1 000 x 0.1 ) yen, the CP discount amount is 20 (= 1 00 x 0.2) yen, the SP discount amount is 
30 (= 100 X 0.3) yen, and the EMD discount amount is 50 (= 100 x 0.5) yen. 

[0254] The profit distribution block 16 supplies the computed CP discount amount (20 yen), SP discount amount 
(30 yen), and EMD discount amount (50 yen) to the user management block 18. The user management block 1 8 stores 
these pieces of discount information into "Discount Point Infonnation" of the system registration information. Conse- 
35 quently, the discount amounts as shown in FIG. 10 are set to "Discount Point Information" of the system registration 
infonnation. The profit distribution block 16 sends the computed CP discount amount (20 yen) to the content provider 
management block 12 and the computed SP discount amount (30 yen) to the service provider management block 11. 
[0255] Next, the profit distribution block 1 6 computes a CP profit amount and an SP profit amount. To be more spe- 
cific, the profit distribution block 16 substitutes the content usage fee (1000 yen) supplied from the charging block 19 
40 into equations (3) and (4) to compute a CP share amount and an SP share amount. Then, the profit distribution block 
1 6 substitutes the computed CP share amount into equation (5) and the computed SP share amount into equation (6) 
to compute a CP commission and an SP commission. In the present example, the CP share amount is 600 (= 1 000 x 
0.6) yen and the SP share amount is 400 (= 1000 x 0.4) yen. Consequently, the CP commission is 60 (= 600 x 0.1) yen 
and the SP commission is 40 (= 400 x 0.1) yen. 

[0256] The profit distribution block 1 6 substitutes the computed CP share amount (600 yen), CP commission (60 
yen), and CP discount amount (20 yen) into equation (1) to compute a CP profit amount (520 yen). At the same time, 
the profit distribution block 1 6 substitutes the computed SP share amount (400 yen), SP commission (40 yen), and SP 
discount amount (30 yen) into equation (2) to compute an SP profit amount (330 yen). 

[0257] Next, the profit distribution block 1 6 substitutes the computed CP commission (60 yen), SP commission (40 
yen), and EMD discount amount (50 yen) into equation (1 0) to compute an EMD profit amount (50 yen). 
[0258] The profit distribution block 1 6 sends the computed CP profit amount (520 yen) to the content provider man- 
agement block 1 2 and the computed SP profit amount (330 yen) to the service provider management block 1 1 . At the 
same time, the profit distribution block 16 sends the computed CP profit amount (520 yen), the SP profit amount (330 
yen), and the EMD profit amount (50 yen) to the cashier block 20, 

[0259] The profit distribution block 16 also notifies the content provider management block 12 and the service pro- 
vider management block 1 1 of the use of no discount point which has been notified from the charging block 1 9. 
[0260] The content provider management block 12 supplies to the content provider 2 the CP discount amount (20 
yen), CP profit amount (520 yen), information indicative of no use of discount point (for example, the used CP discount 
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amount is 0 yen), and its signature as shown in FIG. 43. The service provider management block 1 1 supplies to the 
service provider 3 the SP discount amount (30 yen). SP profit amount (330 yen), information Indicative of no use of dis- 
count point (for example, the used SP discount amount is 0 yen), and its signature. 

[0261] On the basis of the CP profit amount, SP profit amount, and EMD profit amount supplied from the profit dis- 
5 tribution block 16, the cashier block 20 communicates with the settlement organization to execute the settlement of 
these amounts. At the same time, on the basis of the user payment amount supplied from the charging block 19, the 
cashier block 20 communicates with the user's settlement organization to execute the settlement thereof and supplies 
the settlement result to the user management block 18. In the present example, It is assumed that the EMD sen/ice 
center 1 keeps the CP discount amount (20 yen) and the SP discount amount (30 yen). Namely, a total discount amount 
10 (100 (= 20 + 30 + 50) yen) is held in the EMD service center 1 . 

[0262] Thus, when the settlement processing that uses no discount point has been completed, this settlement 
processing ends. 

[0263] If "Use Discount Point" is found set to "Charging History" of the information on charges in step 8401, then, 
the user management block 1 8 reads "Discount Point Infomiation" of the system registration information corresponding 
15 to the ID of the SAM set to "SAM ID" of the information -on charges in step S404. In the present example, it is assumed 
that the same discount amounts (CP discount amount = 20 yen. SP discount amount = 30 yen, and EMD discount 
amount = 50 yen) as "Discount Point Information" shown in FIG. 10 is read. 

[0264] In step S405. the user management block 1 8 outputs the discount amounts read in step S404 to the history 
data management block 15 along with the information on charges. UCP and PT received in step 8303. 

20 [0265] Next, in step S406, the settlement processing that uses discount point is executed. Details of this processing 
will be described with reference to FIG. 44. The history data management block 15 holds the information on charges, 
UCP, PT, and discount amounts (CP discount amount, SP discount amount, and EMD discount amount) supplied from 
the user management block 1 8 and supplies these items of infomnation to the charging block 1 9. On the basis of these 
items of information, the charging block 1 9 detects a content usage fee to compute a user payment amount. Because 

25 the content usage fee is computed in the same manner as in step S403, the description of the computation will be 
skipped. In the present example, it is assumed that the detected content usage fee is 2000 yen. 
[0266] The user payment amount is obtained by substituting the user discount amount obtained by adding the CP 
discount amount, SP discount amount, and EMD discount amount together supplied from the history data management 
block 15 and the detected content usage fee (in the present example, 2000 yen) into equation (12). In the present exam- 

30 pie, the user discount amount is 1 00 (= 20 + 30 + 50) yen, so that the user payment amount is 1 900 (= 2000 - 1 00) yen. 
[0267] The charging block 1 9 sends both the detected content usage fee (in the present example, 2000 yen) and 
the user payment amount (in the present example, 1900 yen) to the profit distribution block 16 and the user payment 
amount alone to the cashier block 20. At the same time, the charging block 1 9 sends to the profit distribution block 16 
the CP discount amount, SP discount amount, and EMD discount amount supplied from the history data management 

35 block 15 (these amounts are discounted from the charges of this time). 

[0268] Next, the profit distribution block 16 substitutes the user payment amount supplied from the charging block 
19 into equation (9) to compute a user discount amount Then, the profit distribution block 16 substitutes the obtained 
user discount amount into equations (7), (8), and (1 1 ) to compute a CP discount amount, an SP discount amount, and 
an EMD discount amount respectively. In this case, the user discount amount is 1 90 (= 1 900 x 0.1 ) yen. the CP discount 

40 amount is 38 (= 1 90 x 0.2) yen, the SP discount amount is 57 (= 1 90 x 0.3) yen, and the EMD discount amount is 95 (= 
1 90 X 0.5) yen. 

[0269] The profit distribution block 1 6 sends ail of the computed CP discount amount (38 yen), SP discount amount 
(57 yen), and EMD discount amount (95 yen) to the user management block 18. On the basis of these discount 
amounts, the user management block 18 updates the discount amount in "Discount Point Information" of the system 

45 registration infomiation. For example, if a discount amount remains, the supplied discount amounts are added to.it. 
Then, the profit distribution block 1 6 sends the computed CP discount amount (38 yen) to the content provider manage- 
ment block 12 and the computed SP discount amount (57 yen) to the service provider management block 1 1 . 
[0270] Next, the profit distribution block 1 6 computes a CP profit amount and an SP profit amount. To be more spe- 
cific, the profit distribution block 1 6 substitutes the content usage fee (2000 yen) supplied from the charging block 19 

50 into equations (3) and (4) to compute a CP share amount and an SP share amount. Then, the profit distribution block 
1 6 substitutes the computed CP share amount into equation (5) and the computed SP share amount into equation (6) 
to compute a CP commission and an SP commission respectively In the present example, the CP share amount is 
1200 (= 2000 X 0.6) yen and the SP share amount is 800 (= 2000 x 0.4) yen. The CP commission is 1 20 (= 1 200 x 0.1 ) 
yen and the SP commission is 80 (= 800 x 0.1) yen. 

55 [0271] The profit distribution block 1 6 substitutes the computed CP share amount (1200 yen), CP commission (120 
yen), and CP discount amount (38 yen) into equation (1) to compute a CP profit amount (1042 yen). The profit distribu- 
tion block 1 6 substitutes the computed SP share amount (800 yen), SP commission (80 yen), and SP discount amount 
(57 yen) into equation (2) to compute an SP profit amount (663 yen). The profit distribution block 1 6 substitutes the com- 
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puted CP commission (120 yen), SP commission (80 yen), and EMD discount amount (95 yen) into equation (10) to 
compute an EMD profit amount (105 yen). 

[0272] The profit distribution blocl< 16 sends the computed CP profit amount (1042 yen) to the content provider 
management block 12 and the computed SP profit amount (663 yen) to the service provider management block n . In 
5 this case also, the discount amounts (CP discount amount (20 yen) and SP discount amount (30 yen)) used this time 
are supplied from the charging block 19 to the profit distribution block 16, which are then sent to the content provider 
management block 12 and the service provider management block 11. 

[0273] The profit distribution block 16 sends the computed CP profit amount (1042 yen), SP profit amount (663 
yen), and EMD' profit amount (1 05 yen) to the cashier block 20. 

w [0274] The content provider management block 12 supplies the CP discount amount (38 yen) computed this time, 
the CP discount amount (20 yen) used this time, and the CP profit amount (1042 yen) to the content provider 2 along 
with a signature as shown in FIG. 45. The service provider management block 1 1 supplies the SP discount amount (57 
yen) computed this time, the SP discount amount (30 yen) used this time, and the SP profit amount (663 yen) to the 
service provider 3 along with a signature. 

75 [0275] The cashier block 20 communicates the settlement organization to execute settlement processing in the 
same manner as in step 8403. It should be noted that the EMD service center 1 further holds an amount obtained by 
subtracting the discount amount (1 90 yen) used this time from a total of the discount amounts (1 00 yen) computed this 
time, amounting along with the EMD profit amount (105 yen) to a total of 195 yen. 

[0276] When the settlement processing without using discount point has been completed, the settlement process- 

20 ing ends. 

[0277] It should be noted that the system as referred to herein denotes an entire apparatus composed of a plurality 
of devices. 

[0278] Infomnation providing media for providing a computer program for executing the above-mentioned process- 
mg operations to the user include information recording media such as a magnetic disc, a CD-ROM, and a solid mem- 

25 ory as well as communication media such as a network and a communication satellite. 

[0279] In the EMD system having the above-mentioned configuration, the receiver 51 sends to the EMD service 
center 1 the information on charges having "Charging History" indicative of use of no use of discount point with a pre- 
determined timing along with UCP and PT The EMD service center 1 references "Charging History." If "Use Discount 
Point" is found set to 'Charging History," the EMD service center 1 discounts, on the basis of the previously stored "Dis- 

30 count Point Information" of the system registration information, the content usage fee detected on the basis of the infor- 
mation on charges, UCP and, PT Thus, according to the above-mentioned configuration, the EMD service center 1 can 
provide content at discount price. 

(2) Second embodiment 

35 

[0280] Now, referring to FIG. 46, there is shown an EMD system practiced as a second preferred embodiment of 
the invention. The EMD system according to the second embodiment comprises an EMD service center 1 1 0 for accept- 
ing registrations into the EMD system and managing component devices of the EMD system, a content provider 1 1 1 for 
providing content, a sen/ice provider 1 12 for providing predetermined services corresponding to the content provided 
40 by the content provider, and a user home network 1 1 4 composed of a device (in the present example, a receiver 1 1 3) 
by which the content is used. 

[0281] As shown in FIG. 47, in this EMD system, the EMD service center 1 1 0 specifies the discount Infomiation for 
the price of content and sends the specified discount infomnation to the content provider 1 1 1 and the service provider 
112. Consequently, the discount information is shared among the EMD service center 1 1 0, the content provider 111, 

45 and the service provider 1 12. This discount information is made up of the discount amount and discount ratio for the 
price of content (these being hereafter generically referred to as discount Information) and the point amount and point 
ratio for a discount (these being hereafter generically referred to as point information) that occur when content is pur- 
chased. The discount information may also be specified by the content provider 1 1 1 and the service provider 112. 
[0282] The content provider 1 1 1 sets discount information as desired for the cost price of content concerned to 

50 each content description (two types of discount infomnation, discount amount or discount ratio and discount point 
amount or discount point ratio may be set for each usage description) and sends to the service provider 112 a content 
secure container composed of a signed UCP including this discount information, the content (encrypted by content key 
Kco), the content key Kco (encrypted by delivery key Kd), and the signature of the content provider 111. 
[0283] The service provider 1 1 2 sets discount infonnation as desired to the sale price in the content price condition 

55 (two types of discount information, discount amount or discount ratio and discount point amount or discount point ratio 
may be set to one price condition) sends to the user home network 1 14 (or the receiver 1 1 3) through a network 115a 
service provider secure container composed of a signed PT including the discount information, the content (encrypted 
by content key Kco), the content key Kco (encrypted by delivery key Kd), the signature of the content provider 1 1 1 , and 
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the signature of the service provider 112. 

[0284] The user home network 114 (or the receiver 1 13) generates, as the processing for using the content, a UCS 
on the basis of the UCP and PT included in the received service provider secure container and, at the same time, gen- 
erates, on the basis of these UCP and PT, the infonnation on charges that reflects the discount Information. The user 
home network 1 14 sends the generated information on charges along with these UCP and PT to the EMD service 
center 110 when, for example, the user home network receives the supply of the delivery key Kd from the EMD sen/Ice 
center 1 10. It should be noted that, if the information included in the UCP and PT is set to that generated information 
on charges before sending it to the EMD service center 110, the user home network 114 may be adapted not to sepa- 
rately send these UCP and PT to the EMD service center 1 10. 

[0285] Then, the EMD service center 110 executes settlement processing on the basis of the information on 
charges supplied from the user home network 1 14 (or the receiver 113) and discounts the content sale price on the 
basis of the discount information included in that infomnation on charges. Thus, in the EMD system according to the 
second embodiment is adapted that the content may be purchased at a discount price determined by the discount Infor- 
mation set by the content provider 111 and the service provider 112 as desired. 

[0286] Referring to FIG. 48, components similar to those previously described with reference to FIG. 11 are 
denoted by the same reference numerals. FIG. 48 shows a functional block diagram of the content provider 1 11 . A pol- 
icy storage block 120 stores the UCP including the discount infonnation set by the content provider 1 1 1 to the content 
usage description. When sending the content, the policy storage block 1 20 outputs this UCP to a secure container gen- 
eration block 38. 

[0287] FIGS. 49A and 49B show UCP A and UCP B respectively (in the present example, these two UCPs are set 
to one piece of content). Like the UCPs used in the first embodiment, each of these UCPs has items "Content ID " "Con- 
tent Provider ID." "UCP ID," "UCP Valid Period." "Usage Condition," and "Usage Description." Except for this "Usage 
Description." the other items are the same in the infomnatron to be set as those of the UCP of the first embodiment. 
[0288] Like "Usage Description" of the first embodiment, that of the second embodiment has items "ID," "Form," 
"Parameter." and "Management shift permit information." These items having the same information as that contained 
in the corresponding items of UCP of the first embodiment. 

[0289] In addition, as discount information, "Usage Description" of the UCP of the second embodiment has item 
"Code" to which a code value (for example, "00010000") Indicative of a discount amount for the cost price of content 
and usage fomn. a code value (for example. "00010001") indicative of a discount ratio for the cost price of content and 
30 usage form, a code value "for example, "00100000") indicative of a point amount caused by the purchase of content 
and usage form, and a code value (for example. "001 00001 ") indicative of a point ratio caused by the purchase of con- 
tent and usage form are set. 

[0290] It should be noted that, if no discount is to be made on the cost price of content and usage form and no point 
Is to be caused by the purchase, nothing or a code value indicative of no discount or point Is set to "Code" of "Usage 
35 Description." 

[0291 ] Thus, the content provider 1 1 1 sets discount infomiation to the cost price of the content for sale as desired 
and includes the description of this discount information into the UCP as a code value. 

[0292] Refen-ing to FIG. 50. components similar to those previously described with reference to FIG. 17 are 
denoted by the same reference numerals. FIG. 50 shows a functional configuration of the service provider 1 1 2. Like the 
40 value attachment block 42 of the first embodiment, when the content provider secure container is found con-ect, a value 
attachment block 121 generates a PT including discount information In con-espon dance with the UCP Included in the 
content provider secure container and sends the generated PT to a secure container generation block 44. 
[0293] FIGS. 51 A and 51 B show PT A-1 and PT A-2 respectively (in the present example, these two PTs are set to 
one piece of content). Each of the PTs has items "Content ID," "Content Provider ID." "UCP ID," "Service Provider ID," 
-PT ,D « Period," "Price Condition." and "Price Description" like the PTs of the first embodiment. Except for 

"Price Condition." the other items are the same in information to be set as those of the PT of the first embodiment 
[0294] Like "Usage Condition" of the UCP described with reference to FIG. 49. "Price Condition" of the PT of the 
second embodiment has items "User Condition" to which a user condition that can select this PT is set and "Device 
Condition" to which a device condition that can select this PT is set, in addition to item "Code." 

[0295]^ tn the present example, like "Code" of "Usage Description" of the UCP described with reference to FIG. 49, 
"Code" of the PT has, as the description of discount Infomnation, a code value (for example, "0001 0000") Indicative of 
a discount amount for the sale price of content and usage form, a code value (for example, "0001 0001 ") indicative of a 
discount ratio for the sale price of content and usage form, a code value (for example, "001 00000" indicative of a point 
amount caused by the purchase of content and usage form, and a code value (for example. "00100001") indicative of 
55 a point ratio caused by the purchase of content and usage form. 

[0296] It should be noted that, If no discount is to be made on the sale price of content and usage form and no point 
is to be caused by the purchase, nothing or a code value indicative of no discount or point is set to "Code" of "Usage 
Description." 
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[0297] Thus, in the service provider 1 12, the value attachment block 121 sets discount information for the sale price 
of content for sale separately from the content provider 111 as desired and includes the description of this discount 
information into the PTs as a code value. 

[0298] Referring to FIG. 52, components similar to those previously described with reference to FIG. 22 are 
5 denoted by the same reference numerals. FIG. 52 shows the receiver 113, in which an charging processing module 126 
of a SAM (Secure Application Module) 125 generates a UCS and information on charges including discount information 
on the basis of the UCP and FT selected by the user. It should be noted that this UCS is the same in configuration as 
the UCS of the first embodiment. 

[0299] FIG. 53 shows information on charges generated on the basis of the usage description 11 of the UCP A 

10 shown in FIG. 49A and the PT A-1 shown in FIG. 51 A. Except for the information on charges and "Charging History" 
described in the first embodiment, the information on charges shown in FIG. 53 has items "Content ID," "Content Pro- 
vider ID," "UCP ID," "UCP Valid Period," "Service Provider ID," "PT ID." "PT Valid Period," "UCS ID," "SAM ID," "User 
ID," and "Usage Description." Except for "Usage Description," the other items have the same information as that of the 
corresponding items of the UCS. 

15 [0300] "Usage Description" of the information on charges shown in FIG. 53. has the information set to "Usage 
Description 1 1 " of the UCS A without change and, in addition thereto, "UCP Code" and "PT Code." This "UCP Code" 
has a code value set to "Usage Description 1 1 " selected by the user (namely, the description of the discount information 
set by the content provider 1 1 1 to "Usage Description 1 1 ." This "PT Code" has a code value without change included 
in the PT used when this information on charges is generated (namely, the discount information set by the service pro- 

20 vider 1 12 on the basis of this PT). 

[0301] tt should be noted that, when the infonnation on charges and the corresponding UCP and PT are sent from 
the receiver 1 1 3 to the EMD service center 1 1 0, "UCP ID" and "PT ID" are stored In this Infonnation on charges. There- 
fore, as shown In FIG. 54, "UCP Code" and "PT Code" may not be provided in the information on charges, thereby 
allowing the EMD service center 1 10 to identify the corresponding UCP and PT on the basis of "UCP ID" and "PT ID" 

1^5 incluoed in the information on charges to use "Code Value" of "Code" included in the identified UCP and PT for settle- 
ment processing. 

[0302] If only the information on charges is sent from the receiver 1 13 to the EMD service center 1 1 0 (namely the 
coTesponding UCP and PT are not sent), "UCP Code" and "PT Code" may be set to the information on charges instead 
of "UCP ID- and "PT ID" as shown in FIG. 55. 

[0303] Thus, when generating the infonnation on charges by use of the charging processing module 1 26, the SAM 
1 25 does not especially recognize the discount information set by the content provider 1 1 1 and the service provider 1 1 2 
ana sets the discount information to the information on charges without change. It should be noted that the receiver 113 
holds reference Information having no "Discount Point Information" in a storage module 73 and uses this reference 
mtormation only when selecting the UCP and PT included in the service provider secure container. 

.i- [0304] Meanwhile, in the EMD service center 1 1 0, when settlement processing is executed on the basis of the infor- 
rtiaiio'i on charges supplied from the receiver 113, if the discount information set by the content provider 1 1 1 and the 
service provider 1 12 is discount information, the settlement processing Is executed by use of this discount information. 
If tne dtscount Infonnation Is point infonnation, the point information set by the content provider 1 1 1 and the point infor- 
mation SCI by tne service provider 112 are stored separately along with the ID of the SAM 125 of the receiver 113. 

■*o [0305] Consequently, in the receiver 1 1 3, the SAM 125 inquires the user through a display device (not shown) of a 
display control block 67 whether to use the point Information at various times such as purchasing content, sending infor- 
mation on cnarges to the EMD service center 110 (namely, executing settlement processing in the EMD service center 
1 10). and checking the remainder of points from the receiver 1 13 to the EMD service center 1 1 0. 
[0306] Then, in response to this inquiry when the user specifies through an input control block 68 the use of one of 

•J5 the point information set by the service provider 1 1 2 and the point information set by the content provider 1 1 1 , the SAM 
125 generates a point usage flag indicative of use or no use of the point Information specified by the user and sends 
the generated flag to the EMD service center 1 1 0 along with the infonnation on charges. 

[0307] Only when the point usage flag supplied with the infonnation on charges from the receiver 1 1 3 specifies the 
use of point information, the EMD service center 1 1 0 uses the point infonnation stored so far (the point infonnation set 

50 by the content provider 1 1 1 or the point infonnation set by the service provider 1 12) to execute settlement processing. 
For settlement processing, both the point Information set by the content provider 1 1 1 and the point Information set by 
the service provider 1 12 may be used or these pieces of point infonnation may be used with the discount information. 
[0308] Also, the SAM 125, without sending the code value of point infonnation to the EMD service center 110, may 
store, on the basis of this code value, the point information set by the content provider 1 1 1 and the point information set 

55 by the service provider 112 into the storage module 73 in the SAM 125 for example. When the use of the point informa- 
tion Is specified by the user, the SAM 125 sends the stored point infonnation to the EMD service center along with the 
Information on charges. Then, the EMD service center 1 1 0 uses this point infonnation for settlement processing. 
[0309] Referring to FIG. 56. components similar to those previously described with reference to FIG. 3 are denoted 
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by the same reference numerals. FIG. 56 shows a configuration of the EMD service center 110. As shown, in the EMD 
service center 1 10, a user management blocl< 130 captures the information on charges, the corresponding UCP and 
PT, and the point usage flag attached thereto from the receiver 1 13 and supplies them to a history data management 
block 1 31 . 

5 [0310] On the basis of "Usage Description" of the information on charges supplied from the user management 
block 130, the history data management block 131 extracts the corresponding code value (indicative of the description 
of the discount information set by the content provider 111) from the UCP and the corresponding sale price and code 
value (indicative of the description of the discount information set by the service provider 1 12) from the PT The history 
data management block 131 holds a table listing the correlation between the descriptions of discount information and 

10 their code values. On the basis of the code values extracted from the UCP and the PT, the history data management 
block 1 31 searches this table to recognize the description of the discount information indicated by the code values. The 
code value may be extracted from the infomnation on charges instead of the UCP and PT 

[031 1 ] If none of the code values extracted from the UCP and the PT is found indteative of no discount, the history 
data management block 131 supplies various pieces of ihfonnatiori such as the information on charges and the UCP 

IS and PT (hereafter referred to simply as various information) corresponding to a profit distribution block 1 32, an charging 
block 1 9, a service provider management block 1 33, and a content provider management block 1 34 without change. 
[0312] If any of the code values extracted from the UCP and the PT is found indicative of discount information (dis- 
count amount or discount ratio), the history data management block 131 discounts the sale price on the basis of this 
discount infomiation and supplies the resultant discount price inforniatlon to the profit distribution block 132. the charg- 

20 ing block 1 9, the service provider management block 133, and the content provider management block 134 along with 
the various information. 

[0313] Further, if any of the code values extracted from the UCP and the PT is found indicative of point information 
(point amount or point ratio), the history data management block 131 separates this point information into the point 
infomnation set by the content provider 1 1 1 and the point information set by the service provider 1 1 2 and adds them to 
25 the stored point infonnation set by the content provider 1 1 1 and the point infomnation set by the service provider 112 
respectively to stored the resultant point information. At the same time, the history data management block 131 sup- 
plies the various information to the profit distribution block 1 32, the charging block 1 9, the service provider management 
block 1 33, and the content provider management block 1 34. 

[0314] If the point usage flag indicates that the point information is used, the history data management block 131 
30 uses the stored point information (set by the content provider 1 1 1 or the service provider 1 1 2) to discount the sale price 
and supplies the resultant discount price information to the profit distribution block 132, the charging block 19, the serv- 
ice provider management block 133, and the content provider management block 134 along with the various informa- 
tion. 

[0315] On the basis of the various information and the discount price infonnation supplied from the history data 
35 management block 131 , the profit distribution block 1 32 computes a profit amount for both the service provider 1 12 and 
the content provider 1 1 1 with a predetermined timing (for example, at execution of settlement processing or on a pre- 
determined day per month) and outputs the computed profit amount to the service provider management block 133, a 
cashier block 20, and a copyright management block 1 3. At the same time, the profit distribution block 1 32 receives con- 
tent cost price information from the history data management block 1 31 , computes a profit amount for the content pro- 
40 vider 111 for that cost price, and outputs the computed profit amount to the content provider management block 134, 
the cashier block 20, and the copyright management block 1 3. It should be noted that, in this profit computation, a profit 
(or a commission) for the EMD service center 1 1 0 is not computed, but it may be computed as required. 
[0316] When the service provider management block 133 has received the above-mentioned various information 
and discount price from the history data management block 131 and the profit amount for both the service provider 112 
45 and the content provider 1 1 1 from the profit distribution block 132, the service provider management block 133 gener- 
ates, on the basis of these pieces of information, the information (hereafter referred to as service provider settlement 
infonnation) about the settlement that uses the discount information set by the service provider 1 12 and the content pro- 
vider 1 1 1 and sends the generated information to the service provider 112. 

[0317] The service provider settlement information includes a discount price obtained by subtracting, from a cpn- 
50 tent sale price; a discount amount corresponding to the discount information (discount amount or discount ratio) set by 
the service provider 1 12 and the content provider 1 1 1, an amount corresponding to the point information set by the 
service provider 1 12, and the discount information set by the content provider 111. The service provider settlement 
infonnation is attached with the signature and sent to the service provider 112. The service provider settlement infor- 
mation is used to verify if the discount information set by the service provider 112 has been used correctly. 
55 [031 8] When the above-mentioned various information and discount price are supplied from the history data man- 
agement block 1 31 and the computed profit amount for the content provider 1 1 1 from the profit distribution block 1 32, 
the content provider management block 1 34 generates, on the basis of these pieces of supplied information, settlement 
infonnation (hereafter referred to as content provider settlement information) that uses the discount information set by 
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the content provider n 1 and sends the generated information to the content provider 111. 

[031 9] The content provider settlement information includes the discount price obtained by discounting the cost 
price of content by use of the discount infomiation (discount amount or discount ratio) set by the content provider 1 1 1 
and an amount corresponding to the point information set by the content provider ill. This content provider settlement 
informat.on is attached with the signature and is sent to the content provider 111. This information is then used to verify 
If the discount information set by the content provider 1 1 1 has been used con-ectly 

10320] Thus in the ElVID service center 110, the charging block 19 supplies the content discount price supplied 
from the history data management block 15 to the cashier block 20 and the profit distribution block 132 as a user pay- 
ment amount. Consequently, the EMD system according to the second embodiment allows the user to purchase con- 
rn?,fi ^ TT l^Z ^ °^ information set by the content provider 1 1 1 and the service provider 1 12. 

[0321] In the EMD system according to the second embodiment, the profits raised by content purchase are all 
stored once in the service provider 1 1 2. Then, the profits are distributed by the service provider 1 12 to the content pro- 
vider 1 1 1 according to its share. "^iiieni pro 

[0322] Because the discount information is sent from the content provider 1 1 1 and the service provider 1 12 throuah 
the receiver 113 to the EMD service center 110. the user management block 130 manages the system management 
information having generally the same configuration as the system registration infomiation described with reference to 
FIG. 9, except for item "Discount Point Information." 

. I'!Ifr^°"°'^"^ describes the flow of the discount information by use of actual amounts of money in the above- 
mentioned EMD system with reference to FIG. 57. Namely, it is assumed here that the content provider 111 sets dis- 
ZT1*T"^^TJ^ ""T '° "^^^^^ Description" included in a predetemiined UCR for example, the discount 

informal on including a discount amount of "1 0 yen" and a point amount of "3 yen". The content provider 1 1 1 stores the 
resultant UCP in a content provider secure container and sends it to the service provider 1 1 2 

i?fn«^!nt " f ^T^'* ^^"^"^ P"'"''^^'- ^ ^2 generates a PT in which discount information including a 

With r Mr p" . H ^'.M 0^°'"' ^"""""^ of "1 0 yen" is set as code values to "Price Condition" in correspondence 
with the UCP including Usage Description" for discount infomnation composed of discount amount "10 yen" and dis- 
count point of "3 yen" supplied from the content provider 1 1 1 . The service provider 112 stores this PT Jong with the 
UCP into a service provider secure container and sends it to the receiver 113. 

[0325] In the receiver 113, when the user requires to purchase the content indicated by the PT (in which the dis- 
count information including a discount amount of "5 yen" and a point amount of "1 0 yen" is set to "Price Condition" bv 
the service provider 112) according to "Usage Description" of the corresponding UCP to which the discount infomiation 
including a discount amount of "10 yen" and a point amount of "3 yen" is set by the content provider 1 1 1 tt^eSmTzs 

nlL^prrn'^"' ^"T^^^!?^^^'''^ °" ""^'^ °^ ^^'^ ^•^^ by means of the charging processing mod- 
ule 126. By doing so. the SAM 125 generates information on charges that includes the code value of the discount infor- 
mation set by the content provider 1 1 1 to "Usage Description" and the code value of the discount infomiation set by the 
35 service provider 112 to "Price Condition." "miuiij,ciDy me 

. '"^ '""""^^ user whether to use or not to use point through the display con- 

trol block 67 a predetermined time intervals. When the user replies with intention of use or no use of point through the 
input control block 68. the SAM 125 generates a point usage flag accordingly. Then, the SAM 125 attaches the point 
usage flag to the information on charges and the corresponding UCP and PT at predetemiined time intervals and 
40 attaches the signature to the entirety of the infomnation on charges, the corresponding UCP and PT and the point 
usage flag^The SAM 125 sends these signed information on charges, corresponding UCP and PT and point usage flag 
to the EMD service center 110. f » a 

[0327] Next in the EMD service center 110, the information on charges, corresponding UCP and PT, and point 
usage flag supplied from the receiver 1 13 are put in the user management block 130. If these pieces of information are 
found untampered by verifying the attached signature, these pieces of information are then sent to the history data 
management block 131. <ioiory aaia 

[0328] Upon receiving these pieces of information, the history data management block 131 determines by the point 
usage flag whether or not to use the point information and, at the same time, detects a sale price of "200 yen" for exam- 
ple of the content on the basis of the supplied PTand the description (namely, discount amount or discount ratio) of the 
discount information indicated by the code value included in the infomiation on charges by use of the data table If no 
use of point information is found specified, the history data management block 131 subtracts the discount amount of 
10 yen set by the content provider 1 1 1 and the discount amount of "5 yen" set by the service provider 1 12 from the 
content sales price of "200 yen" to obtain a discounted price of "1 85 yen." 

[0329] If use of point information (or point amount) Is found specified by the point usage flag, the history data man- 
S.Tr„?J!f K ' '"''^'^^ the discount amount of "1 0 yen" set by the content provider 1 1 1 and the discrramount 
of 5 yen set by the service provider 1 1 2 from the sale price of "200 yen." Then, from this subtraction result, the history 
data management block 131 further subtracts the stored point amount (including the point amount of "3 yen" set by the 
content provider 1 1 1 ) set by the content provider 1 1 1 or the accumulated point amount (including the point amount of 
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"10 yen" set by the service provider 1 12) set by the service provider 112, thereby computing a discount price. 
[0330] If the accunnulated point amount set by the service provider 1 12 is used to discount the price information, 
the history data management block 1 31 subtracts the discount amount of "1 0 yen" set by the content provider 1 1 1 and 
the discount amount of "5 yen" set by the service provider 1 12 from the sale price of "200 yen" to compute a discount 

5 price of "1 85 yen." Then, the history data management block 131 makes comparison between the total amount (includ- 
ing the point amount of "10 yen" set by the service provider 1 12) of point amounts set by the service provider 112 for 
which the use of point is specified and the discount price of "185 yen." The history data management block 131 sub- 
tracts the total amount or the discount price, whichever Is smaller, from the discount price of "1 85 yen." Thus, the history 
data management block 1 31 computes a discount price which is not negative in value. If there is still a remainder in the 

10 stored point amount after being used for discounting the sale price, the history data management block 131 stores the 
remaining points again. 

[0331] If the accumulated point amount set by the content provider 1 1 1 is use]d for discounting the price informa- 
tion, the histofy data management block 131 performs the discount that uses the point amount (or point ratio) on the 
cost price of the content and reflects the resultant discount price for the cost price onto the sale price (in this example, 
15 the discount price obtained by subtracting the discount amount of "5 yen" set by the service provider 1 1 2 from the sale 
price) of the content. 

[0332] Namely, the history data management block 131 subtracts the discount amount of "10 yen" set by the con- 
tent provider 1 1 1 from the cost price of "1 00 yen" to compute a discount price of "90 yen" and then makes comparison 
between the total amount (including the point amount of "3 yen" set by the content provider 1 1 1 ) of the point amounts 

20 set by the content provider 1 1 1 for which use of point is specified and the discount price for the cost price of "90 yen." 
The history data management block 131 subtracts the total amount of point amount or the discount price against the 
cost price, whichever is smaller, from the discount price of "90 yen." Thus, the history data management block 131 com- 
putes a discount price for the cost price, which is not negative in value. If there is a remainder in the accumulated point 
amount after being used for discounting the sale price, the history data management block 131 stores the remaining 

25 points again. 

[0333] This history data management block 131 executes the like discount processing when using a discount ratio 
for discount information or a point ratio for point information. 

[0334] As described, in the above-mentioned EMD system, content sale prices can be discounted by use of the dis- 
count infonnation set arbitrarily by the content provider 1 1 1 and the service provider 112, respectively 
30 [0335] The following describes, with reference to FIG. 58, shares of the service provider 1 12 and the content pro- 
vider 1 1 1 caused by the above-mentioned discount processing executed on the basis of the service provider settlement 
information and the content provider settlement information generated by the service provider management block 133 
and the content provider management block 134 respectively 

[0336] If point information (or point amount) is not used, the service provider management block 133 subtracts a 
35 discount amount of "5 yen" set by the service provider 112 and a discount amount of "10 yen" set by the content pro- 
vider 1 1 1 from a content sales amount to compute a discount price of "1 85 yen." Then, the service provider manage- 
ment block 1 33 sends to the service provider 1 1 2 this discount price of "1 85 yen" and a point amount of "1 0 yen" set by 
the service provider 112 which is added to the user's point amount because no point information (or point amount) Is 
used. These discount price and point information are signed before being sent. 
40 [0337] If no point information (or point amount) is used, the content provider management block 134 subtracts the 
discount amount of "1 0 yen" set by the content provider 1 1 1 from a content cost price of "100 yen" (which becomes the 
share of the content provider 1 1 1 when there is no discount amount set by the content provider 1 1 1 ) to compute a dis- 
count amount of "90 yen." Then, the content provider management block 1 34 sends to the content provider 1 1 1 this dis- 
count price of "90 yen" and a point amount of "3 yen" set by the content provider 111, which is added to the user's point 
45 amount because no point information (or point amount) is used. These discount price and point information (or amount) 
are signed before being sent. 

[0338] In other words, when only discount amount is used, the service provider 112 is informed of a share of "185 
yen" for both the service provider 112 and the content provider 111. Consequently, the service provider 1 1 2 distributes 
"90 yen" from this "1 85 yen" as the share of the content provider 111. 

50 [0339] On the other hand, if point information (or point amount) is used, the service provider management block 
133 subtracts the discount amount of "5 yen" set by the service provider 1 12 and the discount amount "10 yen" set by 
the content provider 111 from the content sale price to compute a discount price of "185 yen." The service provider 
management block 133 further subtracts the discount amount indicated by the accumulated point information (or point 
amount) set by the service provider 1 1 2 from this discount amount of "1 85 yen" to compute a discount price. Then the 

55 service provider management block 133 sends the obtained discount price and the information indicative of the use of 
the point infonnation (or point amount) set by the service provider 1 1 2 to the service provider 1 1 2. These obtained dis- 
count price and information are signed before being sent. 

[0340] If point information (or point amount) is used, the content provider management block 1 34 subtracts the dis- 
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count amount of "10 yen" set by the content provider 1 1 1 from the content cost price of "100 yen" to compute a cost 
price. Further, the content provider management block 134 subtracts a discount amount indicated by the stored point 
information (or point amount) set by the content provider 1 1 1 from the obtained cost price, discount price to a cost price. 
The content provider management block 1 34 sends to the content provider 1 1 1 the discount price for the obtained cost 
5 price and the infomnation indicative of use of the point information (or point amount) set by the content provider 111. 
These discount price and information are signed before being sent. 

[0341] It should be noted that, although not referred to explicitly, the EMD system according to the second embod- 
iment is adapted to provide content to be submitted as a single content consisting of one piece of music or an album 
content consisting of plural pieces of music. 
10 [0342] When providing content as a single or an album, the EMD system according to the second embodiment can 
specify data formats of various information as described below. 

[0343] FIGS. 59 and 60 show UCP data formats. The UCPs shown are generated for each single content for each 
album content respectively by the content provider 111, indicating the usage right of which the user home network 1 14 
can purchase the content. 

15 [0344] The UCP data for single content (FIG. 59) include data type, UCP type, UCP valid period, content ID, content 
provider ID, UCP ID, UCP version, area code, qualified device condition, qualified user condition, service provider ID, 
generation management information, number of rules including purchasable usage right indicated by this UCP, address 
information indicative of rule storage location, rule stored at the location indicated by this address information, public 
key certificate, and signature. 

20 [0345] Each rule is composed of rule number, usage right description, its parameter, minimum sale price, content 
provider profit amount, content provider profit ratio, data size, and transmission information. 

[0346] The UCP data for album content (FIG. 60) include data type, UCP type, UCP valid period, album ID, UCP 
version, content provider ID, UCP ID, area code, qualified device condition, qualified user condition, service provider ID, 
number of UCPs of single contents constituting this album, address information indicative of single content UCP stor- 
es age location, data packet of single content UCP stored at the location indicated by this address information, generation 
management infomnation, number of rules including purchasable usage right indicated by this UCP, address information 
indicative of storage location of this rule, rule stored at location indicated by this address information, public key certifi- 
cate, and signature. 

[0347] Each rule consists of rule number assigned as serial number for each usage right, usage right description 
30 number, parameter, minimum sale price, content provider profit amount, content provider profit ratio, data size, and 
transmission information. 

[0348] In these UCPs, the data type denotes that the data are UCP data. The UCP type denotes that this UCP is 
either for single content or album content. The UCP valid period denotes a period in. which this UCP can be used. This 
period is represented by date of expiration or the number of days from the day starting the usage as a reference to the 

35 end of usage for example. The content ID and the album ID denote purchasable single content or album content indi- 
cated by the UCP. The content provider ID denotes the ID of the content provider 111 that specifies this UCP. 
[0349] The UCP ID identifies this UCR For example, if two or more UCPs are set for the same content, the UCP ID 
is used. The UCP version denotes the version information about the UCP updated according to usage period. There- 
fore, each UCP is managed by these UCP ID and UCP version. 

40 [0350] The area code denotes an area in which this UCP can be used. Assigned to this area code are a code indic- 
ative of a particular area specifying a UCP usable area and a code for making this UCP usable in all areas. The qualified 
device condition denotes the condition of a device that can use UCR The qualified user condition denotes the condition 
of user who can use UCR 

[0351] The service provider ID denotes the ID of the service provider 112 that uses UCR This ID of the service pro- 
45 vider includes an ID of the particular service provider 1 12 for restricting the service provider 1 12 that can use UCP and 
an ID that allows two or more (or all) service providers to use this UCP. 

[0352] The generation management information denotes the maximum number of times for which content can be 
repurchased. The signature is attached to the entire UCP from the data type to the public key certificate, except for this 
signature itself. The algorithm and parameter used for generating this signature and the key for verifying this signature 

50 are included in the public key certificate. 

[0353] In each rule, the usage right description number denotes a number attached to each usage right description. 
The parameter is a parameter of the usage right description. The minimum sale price denotes a minimum sale price at 
which single or album content is sold according to the usage right description. The content provider profit amount and 
profit ratio denote the amount of profit and the profit ratio for sale price that the content provider 1 1 1 can get when single 

55 content or album content is purchased. The data size is the data size of information to be transmitted. This transmission 
information consists of the point set by the content provider 111, which is added to the user's point amount when the 
user makes purchases of the usage right, mileage information consisting of the discount amount of the usage right 
according to this point, and the various information set by the content provider 1 1 1 as required. 
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[0354] In the UCP of album content, a plurality of the rules each shows each a purchase form of this album. In the 
UCPs of two or more single contents stored in the UCP of album content, the rule stored In each UCP denotes a pur- 
chase form of a single content in the album such that each corresponding single content may be purchased as a single 
piece of music separately or only as an album piece of music (namely, the corresponding single content may only be 
5 purchased with other single contents as an album). 

[0355] Consequently, the UCP of album content is defined so that album content can be purchased either as an 
album content or a single content on the basis of the rule of that UCP. 

[0356] In the UCP of album content, the signature is attached to the entire UCR Therefore, only verifying the sig- 
nature allows checking of not only the UCP of this album content but also the UCPs^of single contents for tampering 

10 without verifying each single content UCR thereby facilitating signature verification. 

[0357] It should be noted that the UCPs of single and album contents may store information indicative whether to 
execute content signature verification or not. This infonnation is provided in consideration of a relatively large content 
data quantity, which takes long for signature verification. When this information is stored in the UCPS, content signature 
verification is executed or not as specified by this information. 

15 [0358] In the above-mentioned UCP of album content, the UCPs of plural single contents constituting this album 
are stored; but these single content UCPs may not be stored. 

[0359] In addition, in the UCPs of single and album contents, the content provider profit amount and ratio may be 
collectively managed by the EMD service center 1 10, so that, as shown in FIGS. 61 and 62, these UCPs may be con- 
figured without the content provider profit amount and ratio. 
20 [0360] FIGS. 63 and 64 show data formats of PTs. These PTs are generated by the service provider 1 12 for each 
single content UCP or each album content UCP supplied from the content provider 1 1 1 and show the prices of single 
content and album content, respectively 

[0361] The data of PT for single content (FIG. 63) include data type, PT type, PT valid period, content ID, service 
provider ID, PT ID, PT version, area code, qualified device condition, qualified user condition, content provider ID, ID of 
25 UCP attached with this PT, number of rules including purchasable usage right indicated by this PT, address inforrnation 
indicative of storage location of this rule, rule stored at the location indicated by this address information, public key cer- 
tificate, and signature. 

[0362] Each rule in the single content PT consists of rule number attached as serial number for each usage right, 
service provider profit amount, service provider profit ratio, price, data size, and transmission infonnation. 

30 [0363] The data of the PT for album content (FIG. 64) include data type, PT type, PT valid period, album ID, service 
provider ID, PT ID, PT version, area code, qualified device condition, qualified user condition, content provider ID, ID of 
UCP attached with this PT, number of PTs of single contents constituting this album, address information indicative of 
storage location of single content PT, data packet of single content PT stored at the location indicated by this address 
information, number of rules including purchasable usage right indicated by this PT, address information Indicative of 

35 storage location of these rules, rules stored at the location indicated by this address information, public key certificate, 
and signature. 

[0364] Each rule in the album content PT consists of rule number attached as a serial number for each usage right, 
service provider profit amount, service provider profit ratio, price, data size, and transmission infonnation. 
[0365] In these PTs, the data type indicates that these data are data about PT The PT type denotes whether this 
40 PT is a single content PT or an album content PT The PT valid period denotes a period in which this PT can be used. 
This period is represented by date of expiration or the number of days from the start of usage to the end of usage for 
example. The album ID indicates purchasable single content and album content indicated by this PT. The service pro- 
vider ID denotes the ID of the service provider 112 that generated this PT. 

[0366] The PT ID identifies this PT For example, the PT ID is used for identifying the ID of this PT when two or more 
45 PTs are specified for the same content. The PT version denotes the version information about the history of PT revision 
according to usage period. Therefore, each PT is managed by these PT ID and PT version. 

[0367] The area code denotes an area in which this PT can be used. Assigned to this area code are a code indic- 
ative of a particular area specifying a PT usable area and a code for making this PT usable in all areas. The qualified 
device condition denotes the condition of a device that can use the PT. The qualified user condition denotes the condi- 

50 tion of user who can use the PT The content provider ID denotes the ID of the content provider 1 1 1 specifying the UCP 
to which the PT is attached. The UCP ID is for identifying the UCP to which the PT is attached. 
[0368] The signature is attached to the entire PT from the data type to the public key certificate, except for this sig- 
nature itself. The algorithm and parameter used for generating this signature and the key for verifying this signature are 
included in the public key certificate. 

55 [0369] In each rule, the rule number employ exactly the same number coaesponds to the rule number used in the 
UCR The service provider profit amount and profit ratio denote the amount of profit and the profit ratio for sale price that 
the service provider 1 12 can get when single content or album content has been purchased. The price denotes the sale 
price of single content and album content set by the service provider 1 12 on the basis of the usage right description and 
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the corresponding minimum sale price. The data size is the data size of information to be transmitted. This transmission 
information consists of the point set by the service provider 112. which is added to the user's point amount when the 
user purchases the usage right, mileage Information consisting of the discount amount of the usage right according to 
this point, and the various information set by the service provider 1 12 as required. 
5 [0370] When generating the PT, the service provider 1 1 2 can set all purchasable usage rights indicated by the cor- 
responding UCP as the purchasable usage rights indicated by this PT At the same time, the service provider 112 can 
set usage rights selected from among all purchasable usage rights indicated by that UCP as the purchasable usage 
rights indicated by the PT Thus, the service provider 112 can select any of the usage rights specified by the content 
provider 111. 

10 [0371] In the PT of album content, the plural rules specifies each a sale price according to album purchase form. 
Of the plural single content PTs stored in the album content PT, the rule of the PT of single content that can be sold as 
a single piece of music specifies the sale price of this single content to be sold. 

[0372] Therefore, in the album content PT, only this PT above can recognize both the sale price of album and the 
sale price of single content that can be sold as a single piece of music. 
15 [0373] Further, in the PT of album content, the signature is attached to the entire PT, so that verifying only this sig- 
nature allows checking of the PT of this album content and the PTS of single contents for tampering without verifying 
each one of single content PT, thereby facilitating signature verification. 

[0374] It should be noted that, in the PTs of single content and album content, the information whether or not having 
been verified or not verified the signature for content can be stored as with the case of the UCPs described above with 
20 reference to FIGS. 59 and 60. In the above-mentioned PT of album content, the PTs of plural single contents constitut- 
ing this album are stored; but these single content PTs may not be stored therein. 

[0375] In addition, in the PTs of single and album contents, the service provider profit amount and profit ratio may 
be collectively managed by the EMD service center 1 10, so that, as shown in FIGS. 65 and 66, these PTs may be con- 
figured without the service provider profit amount and ratio. 

25 [0376] Referring to FIG. 67, there is shown a data format of UCS. This UCS is generated when the user purchases 
content in the device in the user home network 11 4, on the basis of the UCP of the purchased content. This USC indi- 
cates the usage right description selected by the user from the usage right descriptions indicated by this UCP. 
[0377] The UCS data include datatype, UCS type, UCS valid period, content ID, album ID, SAM ID, user ID, content 
provider ID, UCP ID, UCP version, service provider ID, PT ID, PT version, UCS ID, rule number attached to reproduction 

30 right (usage right) as a serial number, usage right description number, reproduction remain count, reproduction right 
valid period, rule number attached to duplication right (usage right) as a serial number, usage right description number, 
duplication remain count, generation management information, and ID of SAM holding reproduction right. 
[0378] In the UCS, the data type denotes that these data are UCS data. The UCS type indicates that this UCS is of 
single content or album content. The UCS valid period denotes a period in which this UCS can be used. This period is 

35 represented by date of expiration or the number of days from the start of usage to the end of usage for example. 

[0379] The content ID describes the ID of the purchased single content. The album ID indicates that the album is 
purchased. Actually, if content is purchased as a single, the ID of the purchased single content is stored only in the con- 
tent ID; if content is purchased as album, the IDs of all single contents constituting the album are stored in the content 
ID and the ID of the album is stored in the album ID. Therefore, the album ID can easily be determined by just checking 

40 the album ID whether the purchased content is single or album. 

[0380] The SAM ID indicates the SAM of the device in the user home network 1 14 in which content purchase has 
been processed. The user ID indicates that plural users who shares the device in the user home network 1 14 in which 
content has been purchased are present. 

[0381] The content provider ID indicates the ID of the content provider 1 1 1 that specifies the UCP used for gener- 
45 ating a UCS. The UCP ID indicates the UCP used for generating this UCS. The UCP version denotes the version infor- 
mation of the UCP used for generating the UCS. The service provider ID denotes the ID of the service provider 1 12 that 
generated the PT used for generating the UCS. The PT ID denotes the PT used for generating this UCS. Consequently 
these items of information indicate the content provider 1 1 1 or the service provider 1 12 from which the user purchased 
content. 

50 [0382] The UCS ID is attached by the SAM of the device in the user home network 1 14 that purchased content, 
thereby identifying this UCS. The reproduction right rule number indicates a serial number attached to the reproduction 
right of the usage right. For this rule number, the number of the rule indicated by the corresponding UCP and PTis used 
without change. The usage right description indicates the description of reproduction right to be described later. The 
reproduction remain count indicates the remaining number of times for which the purchased content can be repre- 
ss duced. The reproduction right valid period indicates a period in which the purchased content can be reproduced. This 
period is defined by an expiration date for reproduction, for example. 

[0383] The duplication right rule number indicates a serial number attached to the duplication right of the usage 
right- For this rule number, the number of the rule indicated by the corresponding UCP and PT is used without change. 
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The usage right description indicates the description of duplication right to be described later. The duplication remain 
count indicates the remaining number of times for which the purchased content can be duplicated. 
[0384] The generation management information indicates the remaining number of times for which the repurchased 
content can be repurchased. The ID of the SAM holding reproduction right indicates the SAM holding the reproduction 
5 right at the current point of time. When management shift is made, the ID of the SAM having the reproduction right 
changes. 

[0385] tt should be noted that, in the UCS, a valid period may be specified for the reproduction right. If the valid 
period is specified, the duplication enabled period for purchased content is indicated by the expiration date of this valid 
period. ^ 

70 [0386] Referring to FIG. 68, there is shown information on charges, which is generated by the device in the user 
home network 1 14 at purchasing content, on the basis of the UCP and the PT corresponding to the content. 
[0387] The information on charges includes data type, SAM ID, user ID, content ID, content provider ID, UCP ID, 
UCP version, service provider ID, PT ID, PT version, UCS ID, rule number, profit amount and profit ratio of content pro- 
vider 111, profit amount and profit ratio of service provider, generation management information, data size of transmis- 

15 sion information set by content provider, transmission infomiation set by that content provider, data size of transmission 
information set by service provider, transmission information set by that service provider, and ID of supply source. 
[0388] In the above-mentioned information on charges, the data type indicates infomnation on charges. The SAM 
ID indicates the SAM of the device that generated this information on charges by executing content purchase process- 
ing. The user ID indicates plural users who share the device in the user home network 1 14 in which content has been 

20 purchased are present. The content ID indicates the purchased content (single content or album content). 

[0389] The content provider ID indicates the ID of the content provider 1 1 1 that specified the UCP used for the con- 
tent purchase processing (namely, the ID of the content provider 1 1 1 included in this UCP). The UCP ID indicates the 
UCP used for the content purchase processing. The UCP version indicates the version infomaation of the UCP used for 
the content purchase processing. The sen/ice provider ID Indicates the ID of the service provider 1 12 that generated 

25 the PT used forcontent purchase processing (namely, the ID of the service provider included in this PT). The PT ID indi- 
cates the PT used for the content purchase processing. The PT version indicates the version information used for con- 
tent purchase processing. 

[0390] The UCS ID indicates the ID of the UCS generated at content purchase processing. The rule number indi- 
cates the number attached to the purchased usage right as a serial number. The profit amount and profit ratio of content 
30 provider indicate the amount of money of the share to be distributed to the content provider 1 1 1 due to the purchase of 
content and the ratio to the sale respectively The profit amount and profit ratio of service provider 112 indicate the 
amount of money of the share to be distributed to the service provider 112 upon the purchase of the content and the 
ratio to the sale, respectively. 

[0391] The generation management information indicates the generation of the purchased content. The data size 

35 of transmission information set by a content provider and the transmission information set by that content provider store 
the data size indicated by the UCP used for content purchase processing and the transmission information without 
change. The data size of transmission information set by a service provider and the transmission information set by that 
service provider store the data size indicated by the PT used for content purchase processing and the transmission 
information without change. The supply source ID indicates the device from which the content purchased-and proc- 

40 essed is provided. This ID is accumulated every time the content is repurchased. 

[0392] It should be noted that, in the above-mentioned information on charges, the profit amount and profit ratio of 
the content provider and the profit amount and profit ratio of the service provider may be collectively managed by the 
EMD service center 110. Therefore, as shown in FIG. 69, the infomnation on charges may also be configured without 
these profit amounts and profit ratios of content provider and service provider. 

45 [0393] As described, in the EMD system according to the second embodiment of the invention, the code associated 
with discount infomnation is specified among the content provider 1 1 1 , the service provider 112. and the EMD service 
center 1 1 0. The content provider 1 1 1 sets, by means of the UCP, a code value indicative of the description of discount 
infomnation for each content usage description. The service provider 1 12 sets, by means of PT, a code value indicative 
of discount information for the price condition of content. These UCP and PT are sent to the receiver 1 1 3 along with the 

50 content. 

[0394] Next, in this EMD system, on the basis of the UCP and PT corresponding to the content specified by the user 
for purchase, the SAM 125 of the receiver 1 13 stores the code values indicative of the descriptions of the discount infor- 
mation set by the content provider 1 1 1 and the service provider 1 12, as desired, to generate information on charges. 
The SAM 125 then sends the generated infomnation on charges along with the corresponding UCP and PTto the EMD 
55 service center 1 1 0. The EMD service center 1 1 0 computes a discount price on the basis of the code values indicative 
of the descriptions of the discount information set by the content provider 1 1 1 and the service provider 1 12 as desired. 
[0395] Therefore, in the above-mentioned EMD system, the content usage description and the discount information 
according to that usage description are set by the content provider 1 1 1 side, thereby making it unnecessary for the SAM 
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125 of the receiver 113 to hold the discount information beforehand nor recognize it. This allows the content provider 
111 and the service provider 1 12 to set discount infomriation as desired. This also facilitates the setting of new rules 
(usage descriptions) for discount information among the content provider 1 1 1 , the service provider 1 12. and the EMD 
service center 1 1 0. Consequently, the SAM 125 of the receiver 113 can easily execute discount processing according 

5 to various rules (usage descriptions) upon purchase of content. 

[0396] In the above-mentioned EMD system, if a discount given to a bundle sale of two or more pieces of content 
at once is specified as a new rule of discount information, such a bundle of contents is set to "Usage Description" of the 
UCP in the content provider 1 1 1 and a code value of the discount information is set to "Usage Description." At the same 
time, the code value of the discount information is set to "Price Condition" of the PT corresponding to that UCP in the 

10 service provider 112. Consequently, in the EMD service center 1 10, the sale price for the bundle of content can be eas- 
ily discounted in the receiver 1 13 on the basis of the information on charges generated this time while the receiver 113 
is not particularly aware of the sale of the bundle of content being subject to discount. 

[0397] In the above-mentioned EMD system, a signature is attached to each of the UCP and the PT and the signed 
UCP and PT are transmitted. Consequently, in the EMD service center 110, the sale price can be discounted on the 

15 basis of the official discount information set by the content provider 1 1 1 and the service provider 1 1 2. At the same time, 
the signed settlement information for content provider and the signed settlement information for service provider are 
sent from the EMD service center 1 10 to the content provider 1 1 1 and the service provider 112, respectively. Conse- 
quently, the content provider 1 1 1 and the service provider 1 12 can check if the discount information set by these pro- 
viders 1 1 1 and 112 has been used correctly or not. 

20 [0398] In the above-mentioned EMD system, point information is provided for discount information and the user can 
specify to whetherto use or not this point information as desired. Consequently, in addition to compulsory, unilateral dis- 
count by the system, the content purchasing side can request discount, thereby significantly enhancing the ease of use 
of the EMD system itself. It should be noted that, In using the point infonnation, a discount price is calculated by directly 
subtracting a discount amount corresponding to the point information to be used from a sale price, thereby facilitating 

25 the use of this point infonnation without resorting to such settlement methods as credit card, bank transaction, and pre- 
paid electronic money. 

[0399] According to the above-mentioned constitution, the code associated with discount information is shared 
among the content provider 1 1 1 , the service provider 1 12, and the EMD service center 110. The content provider 1 1 1 
and the service provider 1 12 separately sets discount information code values in the UCP and the PT When content 

30 purchase is made, the receiver 1 1 3 stores the discount information code values set by these providers 1 1 1 and 1 1 2 into 
the information on charges generated upon the purchase of content and sends this information on charges to the EMD 
service center 1 1 0 as it is. On the basis of the discount information code values included in the received information on 
charges, the EMD service center 1 10 computes a discount price. Thus, the above-mentioned constitution allows the 
content provider 1 1 1 and the service provider 1 12 to set discount infonnation as desired, to specify new rules associ- 

35 ated with discount information for use. thereby easily realizing wide discounting for content purchase. 

(3) Other embodiments 

[0400] In the above-mentioned first and second embodiments, the user home networks 5 and 114 made up of the 
40 receiver 51 and the receiver 113, respectively, are used for the infonnation processing apparatus according to the 
present invention. However, it will be apparent to those skilled in the art that the invention is not limited to this infonna- 
tion processing apparatus; rather, a wide variety of infonnation processing apparatuses having other configurations are 
also available. 

[0401] In the above-mentioned first and second embodiments, the EMD service centers 1 and 110 are used 
45 respectively for the information management apparatus according to the present invention. However, it will be apparent 
to those skilled In the art that a wide variety of management apparatuses having other configurations are also available. 
[0402] In the above-mentioned second embodiment, the EMD system is used for the information providing system 
according to the present invention. However, it will be apparent to those skilled in the art that, in addition to the EMD 
system, various other infonnation providing system are also available including systems for providing non-music con- 
so tent such as computer programs and video data. 

[0403] In the above-mentioned second embodiment, the content provider 111 and the service provider 112 are 
used for the information transmission apparatuses according to the present invention. However, it will be apparent to 
those skilled in the art that the present invention is not limited to these providers; rather, also available are information 
transmission apparatuses of other configurations such as those composed of the content provider 111 alone or the 
55 service provider 1 1 2 alone. 

[0404] In the above-mentioned first embodiment, the storage module 73 is used for storage means for storing the 
discount amount of content usage fee. However, it will be apparent to those skilled in the art that the present invention 
is not limited to the storage module 73; rather, various other storage means are also available as long as they can store 



36 



BNSDOCID; <EP 1047030A2_L> 



i ' EP 1 047 030 A2 

the discount amount of content usage fee. 

[0405] In the above-mentioned first embodiment, the charging processing module 72 is used for generating means 
for generating information on charges including the information for identifying content usage fee. However, it will be 
apparent to those skilled in the art that the present invention is not limited to the charging processing module 72; rather, 
5 various other generating means are available as long as they can generate the infonnation on charges including the 
information for identifying content usage fee. 

[0406] In the above-mentioned first embodiment, the input control block 68 is used for setting means for setting, to 
the information on charges generated by the generation means, the settlement of content fee is to be performed by dis- 
counting the usage fee.by the discount amount stored in the storage means. However, it will be apparent to those skilled 
10 in the art that the present invention is not limited to the input control block 68; rather, other various setting means are 
also available as long as they can set the settlement processing with discount to the infonnation on charges generated 
by the generating means. 

[0407] In the above-mentioned first embodiment, the communication block 61 is used for transmission means for 
sending to the management apparatus, the information on charges generated by the generating means and set with the 
15 above-mentioned settlement processing with discount by the setting means. However, it will be apparent to those skilled 
in the art that the present invention is not limited to the communication block 61 for settlement processing; rather, vari- 
ous other communication means are also available as long as they can send the above-mentioned information on 
charges to the management apparatus. 

[0408] In the above-mentioned first embodiment, the user management block 1 8 is used for storage means for stor- 
20 ing the discount amount that can be used by the information processing apparatus. However, it will be apparent to those 
skilled in the art that the present invention is not limited to the user management block 1 8; rather, various other storage 
means are also available as long as they can store the discount amount that can be used by the information processing 

apparatus. 

[0409] In the above-mentioned first embodiment, the user management block 18 is used for receiving means for 
25 receiving the infonnation on charges that is supplied from the information processing apparatus, including the informa- 
tion for identifying content usage fee, and being set with the settlement processing in which the content charges is dis- 
counted by a discount amount. However, it will be apparent to those skilled in the art that the present invention is not 
limited to the user management block 18; rather, various other receiving means are also applicable as long as they can 
receive the above-mentioned infonnation on charges set with the settlement processing performed by discounting the 
30 charge for content by discount amount. 

[0410] In the above-mentioned first embodiment, the charging block 1 9 is used for reading means for reading the 
content usage fee from the information on charges received by the receiving means. However, it will be apparent to 
those skilled in the art that the present invention is not limited to the charging block 19; rather, various other reading 
means are also available as long as they can read the content usage fee from the infonnation on charges received by 
35 the receiving means. 

[0411] In the above-mentioned first embodiment, the history data management block 15 is used for settling means 
for settling content fee by discounting the discount amount stored in the storage means from the usage fee identified by 
the information on charges. However, it will be apparent to those skilled in the art that the present Invention is not limited 
to the history data management block 15; rather, various other settling means are also available as long as they can 

40 make the above-mentioned settlement processing in conjunction with discount processing. 

[0412] In the above-mentioned first embodiment, the profit distribution block 16 is used for computing means for 
computing the discount amount that can be used by the information processing apparatus on the basis of the amount 
of charges settled by the settling means. However, it will be apparent to those skilled in the art that the present invention 
is not limited to the profit distribution block 1 6; rather, various other computing means are also available as long as they 

45 can compute the discount amount that can be used by the information processing apparatus. 

[0413] In the above-mentioned first embodiment, the charging block 19 is used for means for determining a dis- 
count amount by multiplying a charging amount to be settled by the settling means by a predetermined discount ratio. 
However, it will be apparent to those skilled in the art that the present invention is not limited to the charging block 1 9; 
rather, various other determination means are also available as long as they can detennine a discount amount by mul- 

50 tiplying the above-mentioned charging amount by the above-mentioned predetermined discount ratio. 

[0414] In the above-mentioned first embodiment, the profit distribution block 16 is used for discount amount com- 
puting means for computing a discount share amount for the content providing apparatus by multiplying a discount 
amount determined by the determination means by a first share ratio, a discount share amount for the information pro- 
viding apparatus by multiplying the above-mentioned discount amount by a second share ratio, and a discount share 

55 amount for the management apparatus by multiplying the above-mentioned discount amount by a third share ratio. 
However, it will be apparent to those skilled in the art that the present invention is not limited to the profit distribution 
block 16; rather, various other discount amount computing means are also available as long as they can compute the 
above-mentioned discount share amounts by multiplying the discount amount by the first/second/third discount ratio 
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respectively for the information processing apparatus, information providing apparatus and the management apparatus. 
[0415] In the above-mentioned second embodiment, the code is used for setting discount information. However, it 
will be apparent to those skilled in the art that the present invention is not limited to this use of code; rather, the code 
usage is widely applied to various other processing operations such as categorizing content usage status for example. 
[0416] As described and according to an information processing apparatus according to claim 1 appended hereto, 
an information processing method according to claim 2 appended hereto, and an information providing medium accord- 
ing to claim 3 appended hereto, information on charges includes infonnation that charges is settled by discounting a 
content usage fee. Consequently, content can be purchased at a discount price. 

[0417] As described and according to an information processing apparatus according to claim 4 appended hereto, 
an infomriation processing method according to claim 7 appended hereto, and an information providing medium accord- 
ing to claim 8 appended hereto, charges is settled after discounting usage fee by a discount amount. Consequently, 
content can be provided at a discount price. 

[0418] As described, there is provided an infonnation providing system comprising: an information transmission 
apparatus for sending predetermined content data and a code indicative of predetermined information associated with 

15 use of the content data; an information processing apparatus for receiving the content data and the code supplied from 
the information transmission apparatus and sending the code when using the content data; and a management appa- 
ratus for receiving the code supplied from the information processing apparatus and executing predetermined process- 
ing using the predetermined information indicated by the code. According to the above-mentioned information providing 
system, when the content data are used, predetermined processing according to use of these content data can be exe- 

20 cuted. and at the same time, only changing the code specified by the management apparatus can easily allow execution 
of different processing operations for the use of the content data, thereby realizing the infomiation processing appara- 
tus for easily executing various processing. 

[0419] As described, there is provided an information transmission apparatus managed by a management appara- 
tus for sending predetermined content data to an infonnation processing apparatus, the information transmission appa- 

25 ratus sending the predetermined content data and a code indicative of predetennined information associated with use 
of the predetermined content data, the code being sent from the information processing apparatus to the management 
apparatus when using the predetermined content data, the management apparatus executing predetermined process- 
ing using the predetermined information on the basis of the code received from the infonnation processing apparatus. 
According to the above-mentioned infonnation transmission apparatus, when the content data are used, the manage- 

30 ment apparatus can execute predetermined processing according to the use of the content data, and at the same time, 
only changing the specified code allows the management apparatus to easily execute different processing operations 
for the use of the content data. 

[0420] As described, there is provided a management apparatus for managing an information processing appara- 
tus for receiving predetermined content data from an infonnation transmission apparatus, wherein the predetermined 

35 content data and a code indicative of predetermined information associated with use of the content data are sent from 
the infonnation transmission apparatus to the information processing apparatus and the code is sent, when using the 
content data, from the information processing apparatus to the management apparatus, which executes predetermined 
processing by use of the predetennined information indicated by the received code. According to the above-mentioned 
management apparatus, when the content data are used, predetermined processing according to the use of the con- 

40 tent data can be executed, and at the same time, only changing the specified code facilitates different processing oper- 
ations for the use of the content data. 

[0421] As described, there is provided an information processing apparatus managed by a management apparatus 
for receiving predetermined content data from an information transmission apparatus, the information processing appa- 
ratus receiving the content data and a code indicative of predetermined information associated with use of the content 
45 data from the information transmission apparatus and sending the received code, when using the content data, to the 
management apparatus that executes predetermined processing by use of the predetermined information indicated by 
the received code. According to the above-mentioned infonnation processing apparatus, when the content data are 
used, only sending the corresponding code to the management apparatus allows it to execute the processing con-e- 
sponding to the use of the content data, and at the same time, if the specified code is changed, the management appa- 
ratus need not be aware of that change. Sending the changed code to the management apparatus allows it to easily 
execute different processing operations for the use of the content data. 

[0422] As described, there is provided an information providing method comprising the steps of: data sending step 
in which predetermined content data and a code indicative of predetermined information associated with use of the con- 
tent data are sent from an information transmission apparatus to an infonnation processing apparatus; code sending 
step in which the content data and the code sent from the information transmission apparatus are received by the infor- 
mation processing apparatus and the information processing apparatus sends the code when using the content data to 
a management apparatus; and processing executing step in which the code sent from the information processing appa- 
ratus is received by the management apparatus and the management apparatus executes predetermined processing 
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by use of the information indicated by the received code. According to the above-mentioned infonnation providing 
method, when the content data are used, predetermined processing according to the use of the content data can be 
executed, and at the same time, only changing the code specified by the management apparatus facilitates different 
processing operations for the use of the content data. 

[0423] While the preferred embodiments of the present invention have been described using specific ternis, such 
description is for illustrative purposes only, and it is to be understood that changes and variations may be made without 
departing from the scope of the appended claims. 

Claims 

1. An information processing apparatus managed by a management apparatus for decrypting encrypted information 

and using decrypted information, comprising: 

storage means for storing a discount amount of a usage fee of said encrypted information; 

generating means for generating information on charges including information for identifying said usage fee of 

said encrypted information; 

setting means for setting, to said information on charges, information that charges for said encrypted informa- 
tion is settled by discounting said discount amount; and 

sending means for sending, to said management apparatus, said information on charges set with said informa- 
tion that charges for said encrypted information Is settled by discounting said discount amount 

2. An information processing method for an information processing apparatus managed by a management apparatus 
for decrypting encrypted information and using decrypted information, comprising the steps of: 

storing a discount amount of a usage fee of said encrypted information; 

generating information on charges including infonnation for identifying said usage fee of said encrypted infor- 
mation; 

setting, to said infonnation on charges, information that charges for said encrypted information is settled by dis- 
counting said discount amount; and 

sending, to said management apparatus, said infonnation on charges set with said information that charges for 
said encrypted information is settled by discounting said discount amount. 

3. An infomnation providing medium for providing a computer-readable program for making an information processing 
menod for an information processing apparatus managed by a management apparatus for decrypting encrypted 
information and using decrypted information execute processing comprising the steps of: 

storing a discount amount of a usage fee of said encrypted information; 

generating information on charges including information for identifying said usage fee of said encrypted infor- 
mation; 

setting, to said information on charges, information that charges for said encrypted information is settled by dis- 
counting said discount amount; and 

sending, to said management apparatus, said information on charges set with said information that charges for 
said encrypted information is settled by discounting said discount amount 

4. A management apparatus for managing an information processing apparatus that decrypts encrypted information 
to use decrypted information, comprising: 

storage means for storing a discount amount usable by said information processing apparatus; 

receiving means for receiving information on charges supplied from said information processing apparatus, 

including information for identifying a usage fee of said encrypted infomnation, and set with information that 

charges for said encrypted information is settled by discounting said discount amount; 

reading means for readirig said usage fee of said encrypted information from said information on charges; 

settling means for settling charges of said encrypted information by subtracting said discount amount from said 

usage fee identified by said information on charges; and 

computing means for computing, on the basis of an amount of said charges settled by said settling means, a 
discount amount usable by said information processing apparatus. 

5. The management apparatus according to claim 4, further comprising: determining means for determining a dis- 
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count amount by multiplying said charges to be settled by said settling means by a predetemiined discount ratio- 
wherein said storage means stores said discount amount determined by said determining means. 

The management apparatus according to claim 4. further comprising discount amount computing means for com- 
puting, when said management apparatus is connected to an information providing apparatus for providing said 
encrypted information and a information providing apparatus for providing a predetermined service In correspond- 
ence with said encrypted information, a discount share amount for said information providing apparatus by multi- 
plying said discount amount determined by said determining means by a first share ratio, a discount share amount 
for said information providing apparatus by multiplying said discount amount by a second share ratio, and a dis- 
count share amount for said management apparatus by multiplying said discount amount by a third share ratio. 

A managing method for a management apparatus for managing an information processing apparatus that decrypts 
encrypted infomriation to use decrypted information, comprising the steps of: 

storing a discount amount usable by said information processing apparatus; 

receiving information on charges supplied from said information processing apparatus, including information 
for Identifying a usage fee of said encrypted information, and set with information that charges for said 
encrypted information is settled by discounting said discount amount; 
reading said usage fee of said encrypted infomnation from said information on charges; 
settling charges of said encrypted information by subtracting said discount amount from said usage fee identi- 
fied by said information on charges; and 

computing, on the basis of an amount of said charges settled in said settling step, a discount amount usable 
by said infonmation processing apparatus. 

An information providing medium for providing a computer-readable program for making a management apparatus 
for managing an mfonnation processing apparatus that decrypts encrypted information to use decrypted informa- 
tion execute processing comprising the steps of: 

storing a discount amount usable by said information processing apparatus; 

receiving infomiation on charges supplied from said information processing apparatus, including information 
for Identifying a usage tee of said encrypted information, and set with information that charges for said 
encrypted information is senied by discounting said discount amount; 
reading said usage fee of said encrypted information from said inforrnation on charges; 
settling charges of said encrypted information by subtracting said discount amount from said usage fee Identi- 
35 fied by said information on charges; and 

computing, on the basis of an amount of said charges settled in said settling step, a discount amount usable 
by said information processing apparatus. 

9. An information providing system comprising: 

an information transmission apparatus for sending predetermined content data and a code indicative of prede- 
termined information associated with usage of said content data; 

an infonnation processing apparatus for receiving said content' data and said code and sending said code 
when using said content data; and 

a management apparatus for receiving said code and executing predetermined processing using said prede- 
termined information indicated by said code. 

10. The information providing system according to claim 9, wherein said predetermined information is discount infor- 
mation, and said management apparatus, on receiving said code, executes discount processing using said dis- 

50 count information indicated by said code. 

11. The information providing system according to claim 9, wherein said predetemiined information is discount point 
information and said management apparatus, on receiving said code, executes discount processing using said dis- 
count point information indicated by said code, 

55 

12. The information providing system according to claim 1 1 , wherein said information processing apparatus when said 
content data are used, attaches a flag indicative of use or no use of said discount point information to said code 
and sends said code to said management apparatus; and said management apparatus, if said flag attached to said 
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code indicates use of said discount point information, executes said discount processing using said discount point 
information and, if said flag indicates no use of said discount point infonnation. stores said discount point informa- 
tion. 

5 13. An information transmission apparatus managed by a management apparatus for sending predetennined content 
data to an information processing apparatus, said information transmission apparatus sending said predetermined 
content data and a code indicative of predetermined information associated with use of said predetermined content 
data, said code being sent from said infonnation processing apparatus to said management apparatus when using 
said predetermined content data, said management apparatus executing predetermined processing using said 

10 predetermined infonnation on the basis of said code received from said information processing apparatus. 

14. The information transmission apparatus according to claim 13, wherein said predetermined information is discount 
information and said code for having said management apparatus execute discount processing using said discount 
information is sent to said information processing apparatus. 

15 

15. The information transmission apparatus according to claim 13, wherein said predetermined information is discount 
point information and said code for making said management apparatus execute discount information using said 
discount point information Is sent to said information processing apparatus. 

20 16. A management apparatus for managing an information processing apparatus for receiving predetermined content 
data from an information transmission apparatus, wherein said predetermined content data and a code indicative 
of predetemnined information associated with use-^^of said content data are sent from said infonnation transmission 
apparatus to said Information processing apparatus and said code is sent, when using said content data, from said 
information processing apparatus to said management apparatus, which executes predetermined processing by 

25 use of said predetermined information indicated by said received code. 

17. The management apparatus according to claim 1 6. wherein said predetermined infonnation is discount information 
and, on receiving said code from said infonnation processing apparatus, said management apparatus executes 
discount processing by use of said discount information indicated by said received code. 

30 

18. The management apparatus according to claim 1 6, wherein said predetermined information Is discount point infor- 
mation and, on receiving said code from said information processing apparatus, said management apparatus exe- 
cutes discount processing by use of said discount point information indicated by said received code. 

35 19. The management apparatus according to claim 1 8, wherein said information processing apparatus, when said con- 
tent data are used, attaches a flag indicative of use or no use of said discount point information to said code and 
sends said code to said management apparatus; and said management apparatus, if said flag attached to said 
code indicates use of said discount point information, executes said discount processing using said discount point 
information and, rf said flag indicates no use of said discount point infonnation, stores said discount point informa- 

40 tion. 

20. An information processing apparatus managed by a management apparatus for receiving predetermined content 
data sent from an information transmission apparatus, said Information processing apparatus receiving said con- 
tent data and a code indicative of predetermined information associated with use of said content data from said 

45 information transmission apparatus and sending said received code, when using said content data, to said man- 

agement apparatus that executes predetermined processing by use of said predetennined Information. 

21. The infomiation processing apparatus according to claim 20, wherein said predetermined information is discount 
information and, when using said content data, said code is sent to said management apparatus that executes dis- 

50 count processing by use of said discount information indicated by said code. 

22. The information processing apparatus according to claim 20, wherein said predetermined infomiation is discount 
point infonnation and, when using said content data, said code is sent to said management apparatus that exe- 
cutes discount processing by use of said discount point information Indicated by said code. 

55 

23. The information processing apparatus according to claim 22. wherein said Information processing apparatus, when 
said content data are used, sends said code attached with a flag indicative of use or no use of said discount point 
information to said management apparatus that executes said discount processing if said flag indicates use of said 
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St informaJor"^^''"" ' "° "'^ °' information, stores said discount 

24. An information providing method comprising the steps of: 

ated wit? uJj" r"^!l Predetermined content data and a code Indicative of predetemiined infomiation associ- 
prSe^ng rpparaTu's ' ^" ^P^^^*- *° - '"^°--«on 

2L'1?H ri'-H "^'^ '"^ ""'^ ^^'^ information transmission apparatus are 

whTui H Pr°=«^«i"g apparatus and said information processing apparatus sends said code 

when using said content data to a management apparatus- and 

ZTnl^H^ executing in which said code sent from said information processing apparatus is received by said 
management apparatus and said management apparatus executes predetermined processing by use of said 
predetermined information Indicated by said received code. m s ng oy use or said 

25. information providing method according to ciaim 24. wherein said data sending step sends said code indicative 

anrjl' or^tT '"'T'"°" ^'^ transmission app^S" 

and said process ng executing step executes, by said management apparatus, discount processing by use of said 
discount information indicated by said received code. 

ITc Jr^Zn'T ^"''"'■'""^ '° ^^t^ sending step sends said code indicative 

ratus and 2d3 Point information from said information transmission appi 

ratus and said processing executing step executes, by said management apparatus, discount processing by use 
of said discount point infonnation indicated by said received code. "i-essmg oy use 
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The information providing method according to claim 26. wherein said code sending step attaches by said infor- 
manon processing apparatus, a flag indicative of use or no use of said discount point infonnation to said'code when 
eTuZT T ' ^""^ *° "^'^ management apparatus; and said processing executing step 

naraTached t^^^^^^^^^ apparatus, said discount processing by use of said discount point infom,ation S 

on t sa^ «^I^nX=t ' "'^ °' ^^'^ information and stores said discount point infomia- 

tion t said flag indicates no use of said discount point information. 
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